[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: Attn Colin: Overhelpful /usr/sbin/policy-remove-unwanted
From:       Russell Coker <russell () coker ! com ! au>
Date:       2004-02-29 18:03:08
Message-ID: 200403010503.08576.russell () coker ! com ! au
[Download RAW message or body]

On Mon, 1 Mar 2004 03:01, Dale Amon <amon@vnl.com> wrote:
> > What is the problem?  When I compile a policy without klogd (suitable for
> > a syslog-ng system) it works.
>
> After Colin's install script removes klogd.te, the policy build fails:
>
> Using policy installation method "Automatic"
> /usr/bin/checkpolicy:  loading policy configuration from
> /etc/security/selinux/src/policy.conf ERROR 'unknown type klogd_t' at token
> ';' on line 39546:
> #
> neverallow ~klogd_t proc_kmsg_t:file ~{ getattr };
> /usr/bin/checkpolicy:  error(s) encountered while parsing configuration

I fixed this in my policy ages ago, below is the policy section in question 
(see the list archives for details).  What policy are you running?

ifdef(`klogd.te', `
neverallow ~klogd_t proc_kmsg_t:file ~stat_file_perms;
', `
ifdef(`syslogd.te', `
neverallow ~syslogd_t proc_kmsg_t:file ~stat_file_perms;
')dnl end if syslogd
')dnl end if klogd

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]