[prev in list] [next in list] [prev in thread] [next in thread]
List: selinux
Subject: Re: Attn Colin: Overhelpful /usr/sbin/policy-remove-unwanted
From: Russell Coker <russell () coker ! com ! au>
Date: 2004-02-29 18:03:08
Message-ID: 200403010503.08576.russell () coker ! com ! au
[Download RAW message or body]
On Mon, 1 Mar 2004 03:01, Dale Amon <amon@vnl.com> wrote:
> > What is the problem? When I compile a policy without klogd (suitable for
> > a syslog-ng system) it works.
>
> After Colin's install script removes klogd.te, the policy build fails:
>
> Using policy installation method "Automatic"
> /usr/bin/checkpolicy: loading policy configuration from
> /etc/security/selinux/src/policy.conf ERROR 'unknown type klogd_t' at token
> ';' on line 39546:
> #
> neverallow ~klogd_t proc_kmsg_t:file ~{ getattr };
> /usr/bin/checkpolicy: error(s) encountered while parsing configuration
I fixed this in my policy ages ago, below is the policy section in question
(see the list archives for details). What policy are you running?
ifdef(`klogd.te', `
neverallow ~klogd_t proc_kmsg_t:file ~stat_file_perms;
', `
ifdef(`syslogd.te', `
neverallow ~syslogd_t proc_kmsg_t:file ~stat_file_perms;
')dnl end if syslogd
')dnl end if klogd
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic