I am following the instructions found here to customize the policy:
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2784794
But I get this:
###################################################### # audit2allow -i audit.txt -M local -l Generating type enforcment file: local.te Compiling policy checkmodule -M -m -o local.mod local.te /usr/bin/audit2allow: sh: checkmodule: command not found ######################################################
The problem is, I have no idea what is "checkmodule".
###################################################### # which checkmodule /usr/bin/which: no checkmodule in (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin) # yum provides checkmodule Loading "installonlyn" plugin Searching Packages: Setting up repositories macromedia [1/5] livna [2/5] core [3/5] updates [4/5] extras [5/5] Reading repository metadata in from local files Importing additional filelist information No Matches found ######################################################
On Tue, 2006-03-28 at 10:05 -0800, Florin Andrei wrote:
I am following the instructions found here to customize the policy:
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2784794
But I get this:
###################################################### # audit2allow -i audit.txt -M local -l Generating type enforcment file: local.te Compiling policy checkmodule -M -m -o local.mod local.te /usr/bin/audit2allow: sh: checkmodule: command not found ######################################################
The problem is, I have no idea what is "checkmodule".
yum install checkpolicy
It contains both checkpolicy (compile monolithic policies) and checkmodule (compile modular policies).
On Tue, 2006-03-28 at 13:22 -0500, Stephen Smalley wrote:
yum install checkpolicy
It contains both checkpolicy (compile monolithic policies) and checkmodule (compile modular policies).
Cool, that solved it.
Still, it might be a good idea to mention in the FAQ that the checkpolicy package needs to be installed, since it's not installed by default.
selinux@lists.fedoraproject.org