problems with selinux-policy-default 1:1.14-2

problems with selinux-policy-default 1:1.14-2

[Andreas Schuldei]

installing on a selinx kernel gives me this:

=============================
petrus:~# apt-get install selinux-policy-default
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
  selinux-policy-default
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 0B/193kB of archives.
After unpacking 4129kB of additional disk space will be used.
Selecting previously deselected package selinux-policy-default.
(Reading database ... 32354 files and directories currently installed.)
Unpacking selinux-policy-default (from .../selinux-policy-default_1%3a1.14-2_all.deb) ...
Setting up selinux-policy-default (1.14-2) ...
make: *** /etc/selinux/src: No such file or directory.  Stop.
run-parts: /etc/dpkg/postinst.d/selinux exited with return code 2
"/bin/run-parts --arg=selinux-policy-default /etc/dpkg/postinst.d" failed: 256
dpkg: error processing selinux-policy-default (--configure):
 1Error running trigger postinst: No such file or directory
Errors were encountered while processing:
 selinux-policy-default
E: Sub-process /usr/bin/dpkg returned an error code (1)
petrus:~# l /etc/selinux/
total 20
drwxr-xr-x    4 root     root         4096 Aug  4 00:57 .
drwxr-xr-x   70 root     root         4096 Aug  4 00:57 ..
-rw-r--r--    1 root     root          120 Aug  2 09:28 config
drwxr-xr-x    2 root     root         4096 Aug  4 00:57 contexts
drwxr-xr-x    2 root     root         4096 Aug  2 09:28 policy
lrwxrwxrwx    1 root     root           33 Aug  4 00:57 src -> /usr/share/selinux/policy/current
petrus:~# l /usr/share/selinux/policy
total 12
drwxr-xr-x    3 root     root         4096 Aug  4 00:57 .
drwxr-xr-x    3 root     root         4096 Aug  4 00:57 ..
drwxr-xr-x    9 root     root         4096 Aug  4 00:57 default
==========================

src is a dangeling symlink.

changing it to point to /usr/share/selinux/policy/default 
lets me run into this error:

======================
petrus:~# rm /etc/selinux/src
petrus:~# ln -s /usr/share/selinux/policy/default /etc/selinux/src
petrus:~# apt-get install selinux-policy-default
Reading Package Lists... Done
Building Dependency Tree... Done
selinux-policy-default is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up selinux-policy-default (1.14-2) ...
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
security:  4 users, 6 roles, 1327 types, 1 bools
security:  52 classes, 188841 rules
/usr/bin/checkpolicy:  policy configuration loaded
/usr/bin/checkpolicy:  writing binary representation (version 18) to /etc/selinux/policy/policy.18
make: *** No rule to make target `file_contexts/program/webalizer.fc', needed by `file_contexts/file_contexts'.  Stop.
run-parts: /etc/dpkg/postinst.d/selinux exited with return code 2
"/bin/run-parts --arg=selinux-policy-default /etc/dpkg/postinst.d" failed: 256
dpkg: error processing selinux-policy-default (--configure):
 1Error running trigger postinst: No such file or directory
Errors were encountered while processing:
 selinux-policy-default
E: Sub-process /usr/bin/dpkg returned an error code (1)
======================

creating that file

=======================
petrus:~# touch /etc/selinux/src/file_contexts/program/webalizer.fc
=======================

lets me start the selection process.

this procedure was necessary after i attempted to install
selinux-policy-default on a non-selinux kernel. Then everything
worked fine untill i failed at the same point then now, after
going through the whole selection process:

=======================
Installing the new SE Linux policy
mount: none already mounted or /selinux busy
dpkg: error processing selinux-policy-default (--configure):
 subprocess post-installation script returned error exit status 32
Errors were encountered while processing:
 selinux-policy-default
E: Sub-process /usr/bin/dpkg returned an error code (1)
=======================

i am aware of the thread on this list where similar progress had
been made and at this point the discussion did not focus on how
to get around this error but if it was good or not to have
selinux in the fstab. in my case the package (or rather russel)
took care of that and there is the line

========================
none            /selinux        selinuxfs       noauto  0 0
========================

in my fstab.

how can i successfully create a policy anyway?




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: problems with selinux-policy-default 1:1.14-2

[Russell Coker]

On Wed, 4 Aug 2004 09:31, Andreas Schuldei <andreas@schuldei.org> wrote:
> lrwxrwxrwx    1 root     root           33 Aug  4 00:57 src ->
> /usr/share/selinux/policy/current petrus:~# l /usr/share/selinux/policy
> total 12
> drwxr-xr-x    3 root     root         4096 Aug  4 00:57 .
> drwxr-xr-x    3 root     root         4096 Aug  4 00:57 ..
> drwxr-xr-x    9 root     root         4096 Aug  4 00:57 default
> ==========================
>
> src is a dangeling symlink.

What happened to the current directory?

> changing it to point to /usr/share/selinux/policy/default

Don't do that.  If you do that the upgrading the policy will automatically 
over-write changes that you have made to your policy.

-- 
http://apac.redhat.com/disclaimer
See above URL for disclaimer.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: problems with selinux-policy-default 1:1.14-2

[Andreas Schuldei]

* Russell Coker (rcoker@redhat.com) [040806 12:16]:
> On Wed, 4 Aug 2004 09:31, Andreas Schuldei <andreas@schuldei.org> wrote:
> > lrwxrwxrwx    1 root     root           33 Aug  4 00:57 src ->
> > /usr/share/selinux/policy/current petrus:~# l /usr/share/selinux/policy
> > total 12
> > drwxr-xr-x    3 root     root         4096 Aug  4 00:57 .
> > drwxr-xr-x    3 root     root         4096 Aug  4 00:57 ..
> > drwxr-xr-x    9 root     root         4096 Aug  4 00:57 default
> > ==========================
> >
> > src is a dangeling symlink.
> 
> What happened to the current directory?

i didnt do anything with it. my guess is that it is generated
later during the configuration of the file.

i might attempt to selinux-ize my notebook, i can investigate
more closely then.

> > changing it to point to /usr/share/selinux/policy/default
> 
> Don't do that.  If you do that the upgrading the policy will automatically 
> over-write changes that you have made to your policy.

i changed the symlink back once the current directory was created
and populated. you surely know your installprocess better then i
do. perhaps you could investigate?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.