Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> SELinux module, Problem loading SELinux module
joaorobvieira
 Posted: Jun 19 2012, 09:16 AM
Quote Post


SLF Newbie


Group: Members
Posts: 6
Member No.: 1617
Joined: 14-June 12









Hi all,

I want to load a module to the current targeted police of SELinux. After I compile it and get the file.pp file, I write

semodule -v -s targeted -i file.pp

but I get the following:

"libsemanage.semanage.link_modules: Tried to link in a non-MLS module with an MLS base."

Does anyone knows how can I overcome this

Tnkz in advance

João
PM
^
zxq9
 Posted: Jun 19 2012, 09:06 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 321
Member No.: 611
Joined: 5-August 11









The module you're trying to load wasn't compiled with MLS support. This is usually because checkmodule was run without the -M switch. Try compiling again using:
CODE
checkmodule -m -M [other stuff] [inputfile]

-M should enable MLS/MCS support.
PMEmail PosterUsers Website
^
joaorobvieira
 Posted: Jun 21 2012, 12:34 PM
Quote Post


SLF Newbie


Group: Members
Posts: 6
Member No.: 1617
Joined: 14-June 12









Thnkz a lot ! Now I managed to do it!
Just one more question, what is the easy way to create a process with a certain domain (let's say) trusted_dom_t. I want to have a process with this domain executing a certain type of files. Consider that the policy is already written correctly.

PM
^
zxq9
 Posted: Jun 21 2012, 03:58 PM
Quote Post


SLF Geek
****

Group: Members
Posts: 321
Member No.: 611
Joined: 5-August 11









I've never had to create my own domain before, but its an interesting question and would be worth toying with.

Can you make up a toy example? Like start with a classic Hello World type program and add to it one example of each thing you want it to do. File access, writing to /tmp, db access, calling another process, forking, memory access, whatever.

I've read the basics of what establishing a domain means, but never having made one myself I'm not really sure how all the pieces work. With a toy example to go by I think I could answer your question a lot faster because I'd have something to star with.
PMEmail PosterUsers Website
^
joaorobvieira
 Posted: Jun 25 2012, 01:15 PM
Quote Post


SLF Newbie


Group: Members
Posts: 6
Member No.: 1617
Joined: 14-June 12









Can you check the new topic I created? when I do that nothing appears in the SELinux troubleshooter
PM
^
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll