LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Error install selinux on slackware (http://www.linuxquestions.org/questions/linux-security-4/error-install-selinux-on-slackware-4175454378/)

alexchen 03-16-2013 09:40 PM

Error install selinux on slackware
 
I installed the selinux user tools:
1.checkpolicy-2.1.8
2.libselinux-2.1.9
3.libsemanage-2.1.6
4.libsepol-2.1.4
5.policycoreutils-2.1.10
6.sepolgen-1.1.5
linux-kernel: 3.2.40
When I Run the scripts/usr/src/linux/scripts/selinux/install_policy.sh
policy.conf:ERROR 'unknow role base_r' at token ':' on line 1109
type base_t;
checkpolicy: error encountered while parsingconfiguration
How can I solve it ?

unSpawn 03-17-2013 09:47 AM

Quote:

Originally Posted by alexchen (Post 4913135)
When I Run the script /usr/src/linux/scripts/selinux/install_policy.sh
policy.conf:ERROR 'unknow role base_r' at token ':' on line 1109
type base_t;
checkpolicy: error encountered while parsing configuration

While this message on its own is way too terse for me to say something conclusive about (plus you haven't referenced or told us what steps you took before running the script) it seems the "base_r" role wasn't defined before it's used (doh) so you'll have to find out first where it's referenced and if it's part of some .pp policy module load it first. One link that may come in handy is the SELinux Reference Policy mailing list at http://oss.tresys.com/mailman/listinfo/refpolicy BTW. And while it's slightly off topic I would be interested to know why you chose this particular MAC instead of 0) running a Linux distribution that fully supports SELinux out of the box or 1) choosing a different MAC you can graft on way easier like GRSecurity, TOMOYO, etc, etc?..

alexchen 03-18-2013 08:43 AM

Ok, Thank you.

Noway2 03-18-2013 09:51 AM

As a followup, my initial thought regarding the error message was that the file system hasn't been converted to support the SELinux extensions. Irregardless, I think it would be telling to look at the output of an 'ls -z' command to see what it reports.


All times are GMT -5. The time now is 09:30 AM.