From mboxrd@z Thu Jan 1 00:00:00 1970
From: rfkrocktk@gmail.com (Naftuli Kay)
Date: Mon, 30 Jan 2017 10:45:53 -0800
Subject: [refpolicy] Install Directory for Reference Policy?
In-Reply-To: <1485729813.9034.5.camel@trentalancia.net>
References: <8978CC35-BED8-451C-BB84-F2335A256ADE@chaschperli.ch> <1485729813.9034.5.camel@trentalancia.net>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Guido,

naftuli at reprisal:~$ checkpolicy -V
29 (compatibility range 29-15)
naftuli at reprisal:~$ sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: default
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 30

This is when I have configured the default policy in /etc/selinux/config.
This is provided by Ubuntu upstream selinux-policy-default.

As noted before, please compare the following:
https://gist.github.com/naftulikay/ac03e45ea7c66bd3537e41eac0e3d40f

As you have noted, there is no binary policy file installed in the correct
directory for refpolicy, and there is for default. If I run a
`find . -iname 'policy.*'` in my refpolicy source directory, I find no
binary policy files.

How should I go about correcting this?

Thanks,
 - Naftuli Kay

On Sun, Jan 29, 2017 at 2:43 PM, Guido Trentalancia via refpolicy wrote:

> On Sun, 29/01/2017 at 11.14 -0800, Naftuli Kay wrote:
>> Okay, so again to reiterate, I am on elementary Loki, which is Ubuntu
>> 16.04. I have installed all build dependencies and I have cloned the
>> Git repository to a local directory at
>> ~/Documents/Development/refpolicy.
>>
>> I have made sure that both the top-level Git repository (refpolicy)
>> and the refpolicy-contrib submodule are both up to date with latest
>> master from GitHub.
>>
>> Following Guido's guidance, I did the following:
>>
>> cd ~/Documents/Development/refpolicy
>> make clean
>> make conf
>>
>> I then edited build.conf to enable systemd, because that is my init
>> here on 16.04. I did not make any other modifications, the policy
>> name is refpolicy and the type is standard.
>>
>> I then ran:
>>
>> $ sudo make install-src
>> rm -rf /etc/selinux/refpolicy/src/policy.old
>> mv /etc/selinux/refpolicy/src/policy /etc/selinux/refpolicy/src/policy.old
>> mv: cannot stat '/etc/selinux/refpolicy/src/policy': No such file or directory
>> Makefile:551: recipe for target 'install-src' failed
>> make: [install-src] Error 1 (ignored)
>> mkdir -p /etc/selinux/refpolicy/src/policy
>> cp -R . /etc/selinux/refpolicy/src/policy
>>
>> $ sudo make install-src
>> rm -rf /etc/selinux/refpolicy/src/policy.old
>> mv /etc/selinux/refpolicy/src/policy /etc/selinux/refpolicy/src/policy.old
>> mkdir -p /etc/selinux/refpolicy/src/policy
>> cp -R . /etc/selinux/refpolicy/src/policy
>>
>> The first time, as shown, errored, and the second time seemed to
>> work.
>>
>> I then ran:
>>
>> make policy
>> sudo make install
>>
>> It compiled all of the modules and it seems that it installed
>> everything to /usr/share/selinux/refpolicy, rather than
>> /etc/selinux/refpolicy, which it seems is what my distribution
>> expects.
>>
>> I then ran
>>
>> sudo make load
>>
>> It failed with:
>>
>> /usr/sbin/semodule: SELinux policy is not managed or store cannot be accessed.
>>
>> There is a lot of debugging output which I have listed here:
>> https://gist.github.com/naftulikay/3c24fc7a1d63f26c3e401f6ed5a1f8b5
>
> After looking more carefully at the files that have been installed on
> your system, I realize that you are missing the actual binary policy.
>
> It's a file named "policy.29" or "policy.30" and that goes in
> /etc/selinux/refpolicy. It should be generated during "make policy",
> but you have not mentioned about errors during that build stage...
>
> In the development tree, it is located top-level:
> ~/Documents/Development/refpolicy/policy.29
> or ~/Documents/Development/refpolicy/policy.30
>
> Without more information, I don't know why you are missing that...
>
> It should be generated by checkpolicy. Do you have checkpolicy
> installed ? Try typing "checkpolicy -V".
>
> Regards,
>
> Guido
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
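
Added example, not part of the original thread: a POSIX shell check for the condition discussed above, namely whether any binary policy file (policy.N) exists for the policy named in the SELinux config. The function names are hypothetical. The directories searched are the two named in the thread plus the policy/ subdirectory of the policy root, which is where the SELinux userspace keeps the binary policy it loads.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the SELINUXTYPE value from a file in /etc/selinux/config format.
selinux_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Print every binary policy file (policy.<version>) found directly in the
# directories given as arguments, one path per line.
binary_policies() {
    for bp_dir in "$@"; do
        for bp_file in "$bp_dir"/policy.[0-9]*; do
            # An unmatched glob stays literal, so test that the file exists.
            if [ -f "$bp_file" ]; then printf '%s\n' "$bp_file"; fi
        done
    done
}

# check_policy_install <selinux-root> <source-tree>
# Returns 0 and lists the binary policies found, 1 if there are none,
# 2 if the config file names no policy.
check_policy_install() {
    cp_root=$1
    cp_src=$2
    cp_name=$(selinux_type "$cp_root/config")
    if [ -z "$cp_name" ]; then
        echo "no SELINUXTYPE set in $cp_root/config" >&2
        return 2
    fi
    cp_found=$(binary_policies "$cp_root/$cp_name" \
        "$cp_root/$cp_name/policy" "$cp_src")
    if [ -z "$cp_found" ]; then
        echo "no policy.N for '$cp_name' under $cp_root/$cp_name or $cp_src" >&2
        return 1
    fi
    printf '%s\n' "$cp_found"
}

# Usage with the paths from the thread:
#   check_policy_install /etc/selinux ~/Documents/Development/refpolicy
```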