Displaying 9 results from an estimated 9 matches for "semodule_packag".
Did you mean:
semodule_package
2011 Jan 17
1
SELinux : semodule_package, magic number does not match
...s_script_t ==============
allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read;
EOF
$ checkmodule -M -m -o foo.mod foo.te
checkmodule: loading policy configuration from foo.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 6) to foo.mod
$ semodule_package -o foo.pp -m foo.mod
$ echo $?
0
# So far, so good. But :
$ checkmodule -b foo.pp
checkmodule: loading policy configuration from foo.pp
libsepol.policydb_read: policydb magic number 0xf97cff8f does not match
expected magic number 0xf97cff8c or 0xf97cff8d
checkmodule: error(s) encountered while...
2007 Dec 08
9
distributing selinux policy module
Using audit2allow, I was able to create a policy module for
selinux:
audit2allow -i /var/log/audit/audit.log -M mysqld
(creates mysqld.pp and mysqld.te)
I want to distribute this to all my puppet clients.
I can easily put this file in
/etc/selinux/targeted/modules/active/modules
But even after reboot, although I can see the module listed:
semodule -l
... it doesn''t seem to actually
2007 Jun 12
1
Selinux custom policy issue - Centos 5
...stom SELinux policy has changed
somewhat from 4->5. I've got it mostly figured out; I have a local.te
file with my custom policy and also which defines a few new file types,
and a local.fc with appropriate defintions of file contexts. When I
run:
# checkmodule -M -m -o local.mod local.te
# semodule_package -o local.pp -m local.mod
# semodule -i local.pp
(all in /usr/share/selinux/targeted), the policy gets installed and
works properly. However, I can't then use fixfiles or the like to set
the custom file contexts (my custom file contexts aren't installed in
the main policy). I can apply the...
2008 Aug 10
7
SELinux
Hi list,
I've knocked up a contribution on SELinux here:
http://wiki.centos.org/HowTos/SELinux
I've tried to pitch it as an introduction for those not already familiar
with SELinux but also hopefully a useful reference.
I'm relatively new to SELinux and have covered pretty much everything I
know to the limits of my limited knowledge. If folks think other
material needs to be
2019 Apr 16
0
Time Synchronisation - SELinux Labeling and Policy
...ty RPM)
Run make to build the SELinux module
Note: https://stopdisablingselinux.com/ :-)
You will need policycoreutils-python and checkpolicy in order to be able
to build the SELinux module
==================== Makefile ========================
module:
checkmodule -M -m -o local.mod local.te
semodule_package -o local.pp -m local.mod
semodule -i local.pp
==================== local.te ========================
module local 1.0;
require {
type ntpd_t;
type <sign_socket_context>;
class sock_file write;
class dir search;
}
allow chronyd_t <sign_socket_context>:dir search...
2012 Oct 02
1
SELinux, Amavis, Clamav
...e
setattr remove_name rmdir};
}
allow clamscan_t amavis_var_lib_t:file {getattr read open write create
unlink};
allow clamscan_t amavis_var_lib_t:dir {search read getattr open write
add_name create setattr remove_name rmdir};
-EOF-
* checkmodule -M -m -o se_clamav_amavis.mod se_clamav_amavis.te
* semodule_package -o se_clamav_amavis.pp -m se_clamav_amavis.mod
* semodule -i se_clamav_amavis.pp
---
N.B. I am just migrating from SuSE to CentOS and this is my first
contact with SELinux. I have *no idea* if this is the appropriate
approach to solve the issue. I have found out this by trial and error
and not b...
2019 Apr 16
4
Time Synchronisation - SELinux Labeling and Policy
hi, i want set selinux to usw with ntpd
but when i run (as described in wiki)
semanage -a -t ntpd_t "/usr/local/samba/var/lib/ntp_signd"
i have that error
"
usage: semanage [-h]
{import,export,login,user,port,ibpkey,ibendport,interface,module,node,fcontext,boolean,permissive,dontaudit}
...
semanage: error: argument subcommand: invalid choice:
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
...stfix.te #
# 2) Compile this file: #
# checkmodule -M -m -o local_postfix.mod local_postfix.te #
# 3) Create SELinux policy package: #
# semodule_package -o local_postfix.pp -m local_postfix.mod #
# 4) Move policy package to normal SELinux modules directory: #
# mv local_postfix.pp /etc/selinux/targeted/modules/active/modules/ #
# 5) Update kernel with new policy package: #
# semodul...
2012 Nov 26
0
Installation and Setup of Samba4 AD DC on CentOS6
...r_run_t:file { read write getattr open lock };
allow smbd_t samba_unconfined_script_exec_t:dir read;
allow smbd_t urandom_device_t:chr_file write;
allow smbd_t var_lock_t:dir search;
---***---
Compile the module and create the policy package:
# checkmodule -M -m -o samba4local.mod samba4local.te
# semodule_package -o samba4local.pp -m samba4local.mod
Load the module:
# semodule -i samba4local.pp
With this policy in place SELinux should be able to run in enforcing
mode without affecting Samba.
I also enabled the following SELinux booleans:
# setsebool -P samba_domain_controller on
# setsebool -P samba_enabl...