[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SELinux policy for both Enterprise Linux 5 and 6



On 12/01/2011 03:15 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/01/2011 06:03 AM, Miroslav Grepl wrote:
>> On 11/18/2011 02:05 AM, Brian Ginn wrote:
>>> I have SELinux policy that is compiled on Red Hat Enterprise
>>> Linux 5.
>>>
>>> This policy fails to install on Red Hat Enterprise Linux 6 with
>>> the following message:
>>>
>>> libsepol.print_missing_requirements: pbrun's global requirements
>>> were not met: type/attribute system_chkpwd_t (No such file or
>>> directory).
>>>
>> This type does not exist on RHEL6. This is a problem why you can
>> not load your local policy. You probably just need to recompile
>> your policy on RHEL6. Another option would be to use
>> "optional_policy" block for interface calling.
>>
>> For example
>>
>> optional_policy(` auth_domtrans_chk_passwd(test_t) ')
>>
>> If something is wrong with this interface then it won't be used.
>> But of course, then you will lost a part of functionality.
>>>
>>>
>>> Is there a way to write SELinux policy so that It can be compiled
>>> on v 5.x and will run on 6.x ?
>>>
>>>
>>>
>>>
>>>
>>>
>>> Thanks,
>>>
>>> Brian
>>>
>> Regards, Miroslav
>>>
>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
> Miroslav we need to add the type alias for this situation, though.
I was thinking about that, but this is between major release. Is this 
possible?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk7XjAUACgkQrlYvE4MpobPjCwCgl5KGLHffnscGuAbg8r8ud/td
> xXsAni/3l1Qy/ud5MtZj7tEKQEWfJSuV
> =Trss
> -----END PGP SIGNATURE-----

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux

Google
  Web www.spinics.net