search for: checkmodule

Displaying 9 results from an estimated 9 matches for "checkmodule".

2011 Jan 17
1
SELinux : semodule_package, magic number does not match
...with no succes : $ cat <<EOF> foo.te module local 1.0; require { type httpd_sys_script_exec_t; type httpd_sys_script_t; class lnk_file read; } #============= httpd_sys_script_t ============== allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read; EOF $ checkmodule -M -m -o foo.mod foo.te checkmodule: loading policy configuration from foo.te checkmodule: policy configuration loaded checkmodule: writing binary representation (version 6) to foo.mod $ semodule_package -o foo.pp -m foo.mod $ echo $? 0 # So far, so good. But : $ checkmodule -b foo.pp checkmod...
2007 Dec 08
9
distributing selinux policy module
Using audit2allow, I was able to create a policy module for selinux: audit2allow -i /var/log/audit/audit.log -M mysqld (creates mysqld.pp and mysqld.te) I want to distribute this to all my puppet clients. I can easily put this file in /etc/selinux/targeted/modules/active/modules But even after reboot, although I can see the module listed: semodule -l ... it doesn''t seem to actually
2007 Jun 12
1
Selinux custom policy issue - Centos 5
...same function). The means of applying custom SELinux policy has changed somewhat from 4->5. I've got it mostly figured out; I have a local.te file with my custom policy and also which defines a few new file types, and a local.fc with appropriate defintions of file contexts. When I run: # checkmodule -M -m -o local.mod local.te # semodule_package -o local.pp -m local.mod # semodule -i local.pp (all in /usr/share/selinux/targeted), the policy gets installed and works properly. However, I can't then use fixfiles or the like to set the custom file contexts (my custom file contexts aren't...
2008 Aug 10
7
SELinux
Hi list, I've knocked up a contribution on SELinux here: http://wiki.centos.org/HowTos/SELinux I've tried to pitch it as an introduction for those not already familiar with SELinux but also hopefully a useful reference. I'm relatively new to SELinux and have covered pretty much everything I know to the limits of my limited knowledge. If folks think other material needs to be
2019 Apr 16
0
Time Synchronisation - SELinux Labeling and Policy
...mba AD installation (compiled or 3rd party RPM) Run make to build the SELinux module Note: https://stopdisablingselinux.com/ :-) You will need policycoreutils-python and checkpolicy in order to be able to build the SELinux module ==================== Makefile ======================== module: checkmodule -M -m -o local.mod local.te semodule_package -o local.pp -m local.mod semodule -i local.pp ==================== local.te ======================== module local 1.0; require { type ntpd_t; type <sign_socket_context>; class sock_file write; class dir search; } allow chr...
2012 Oct 02
1
SELinux, Amavis, Clamav
...class dir {search read getattr open write add_name create setattr remove_name rmdir}; } allow clamscan_t amavis_var_lib_t:file {getattr read open write create unlink}; allow clamscan_t amavis_var_lib_t:dir {search read getattr open write add_name create setattr remove_name rmdir}; -EOF- * checkmodule -M -m -o se_clamav_amavis.mod se_clamav_amavis.te * semodule_package -o se_clamav_amavis.pp -m se_clamav_amavis.mod * semodule -i se_clamav_amavis.pp --- N.B. I am just migrating from SuSE to CentOS and this is my first contact with SELinux. I have *no idea* if this is the appropriate approach t...
2019 Apr 16
4
Time Synchronisation - SELinux Labeling and Policy
hi, i want set selinux to usw with ntpd but when i run (as described in wiki) semanage -a -t ntpd_t "/usr/local/samba/var/lib/ntp_signd" i have that error " usage: semanage [-h] {import,export,login,user,port,ibpkey,ibendport,interface,module,node,fcontext,boolean,permissive,dontaudit} ... semanage: error: argument subcommand: invalid choice:
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
...# # 1) Create this file with the data shown below: # # local_postfix.te # # 2) Compile this file: # # checkmodule -M -m -o local_postfix.mod local_postfix.te # # 3) Create SELinux policy package: # # semodule_package -o local_postfix.pp -m local_postfix.mod # # 4) Move policy package to normal SELinux modules directory: # # mv...
2012 Nov 26
0
Installation and Setup of Samba4 AD DC on CentOS6
..._t:unix_stream_socket connectto; allow smbd_t named_var_run_t:file { read write getattr open lock }; allow smbd_t samba_unconfined_script_exec_t:dir read; allow smbd_t urandom_device_t:chr_file write; allow smbd_t var_lock_t:dir search; ---***--- Compile the module and create the policy package: # checkmodule -M -m -o samba4local.mod samba4local.te # semodule_package -o samba4local.pp -m samba4local.mod Load the module: # semodule -i samba4local.pp With this policy in place SELinux should be able to run in enforcing mode without affecting Samba. I also enabled the following SELinux booleans: # setseboo...