LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Problems with Selinux on Fedora 17 (http://www.linuxquestions.org/questions/linux-security-4/problems-with-selinux-on-fedora-17-a-4175437539/)

Mike Davies 11-17-2012 03:13 AM

Problems with Selinux on Fedora 17
 
Hi,

I recently upgraded from Fedora 16 to Fedora 17. It all went well, until I wanted to ftp into my home directory. That didn't work then I rememebered I had to ...

setsebool -P ftp_home_dir=1

Unfortunately, that doesn't seem to work, it fails like ...

[root@ceri mike]# setsebool -P ftp_home_dir=1
libsepol.print_missing_requirements: mypol3's global requirements were not met: type/attribute unconfined_execmem_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
Could not change policy booleans
[root@ceri mike]#

Other stuff fails too. If I try to load a new module then it fails in a similar fashion, e.g.

[root@ceri mike]# semodule -i test.pp
libsepol.print_missing_requirements: mypol3's global requirements were not met: type/attribute unconfined_execmem_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!

I'm no expert on selinux. What is going on here. What is missing ?

unSpawn 11-17-2012 07:19 AM

Quote:

Originally Posted by Mike Davies (Post 4831242)
Code:

[root@ceri mike]# setsebool -P ftp_home_dir=1
libsepol.print_missing_requirements: mypol3's global requirements were not met: type/attribute unconfined_execmem_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
Could not change policy booleans


The print_missing_requirements message doesn't seem to relate directly to setsebool usage, at least not as far as I can see, which means there's two avenues to choose from: 0) explain what rules this "mypol3" holds and why it's needed, check all SELinux policy package were upgraded to their F17 versions, verify package contents, check if SELinux policy modules were actually loaded and analyze SELinux errors in /var/log/audit/audit.log /var/log/messages and dmesg or 1) remove all your modifications and all modules Fedora doesn't provide by default, reinstall SELinux policy packages, relabel, reboot and then check /var/log/audit/audit.log /var/log/messages and dmesg for SELinux related errors.

Mike Davies 11-17-2012 09:51 AM

Thanks for the reply.

It seems that mypol3 was an old file of mine left over from years ago, so it was all my fault that I was having problems. Thanks for pointing me in the right direction.


All times are GMT -5. The time now is 01:05 PM.