Package: selinux-policy-default
Version: 1:1.18-1
Followup-For: Bug #288647
Hello,
It looks like the suggested patch has been applied, given that I'm seeing
this in /usr/share/selinux/policy/default/domains/program/cups.te :
/*************************************************
ifdef(distro_redhat',
ifdef(rpm.te',
allow cupsd_config_t
rpm_var_lib_t:dir { getattr search };
allow cupsd_config_t rpm_var_lib_t:file { getattr read };
')
allow cupsd_config_t initrc_exec_t:file getattr;
')dnl end distro_redhat
\*************************************************
So, I'm afraid that I don't understand why I'm encounterng the following,
from dpkg. (This is what I'd meant to file a bug report about, but it looks
like it's already an issue, "made" in the Deb BTS)
/*************************************************
Setting up selinux-policy-default (1.18-1) ...
/usr/bin/checkpolicy: loading policy configuration from policy.conf
domains/program/cups.te:245:ERROR 'unknown type rpm_var_lib_t' at token ';'
on line 140828:
#line 245
allow cupsd_config_t rpm_var_lib_t:file { getattr read };
/usr/bin/checkpolicy: error(s) encountered while parsing configuration
make: *** [/etc/selinux/policy/policy.18] Error 1
dpkg: error processing selinux-policy-default (--configure):
subprocess post-installation script returned error exit status 2
\*************************************************
In what I know of this, it looks as if rpm_var_lib_t should not even be
seen by the policy-chcker (given that rpm.te is not defined, in
tunables/distro.tun). It seems that the policy checker is seeing it, anyway.
(This is as much detail as I can presume to even be of help with, for
figuring-out why I'm running into that bug, during the pkg. install scripts,
and with the cups.te file; I will, quite sincerely, appreciate if this could
be resolved )
Incidentally, I'm using
deb http://www.coker.com.au/newselinux/ ./
now, with the installation; I'm not sure if that's pertinent, but I figured
it bears mentioning
Ok. SELinux policy-file editors would be off topic. I'll cut the wire, here,
then, after: "Dude", this "package stuff" is seriously apprciated, in the
making of some 99.100% cracker-unfriendly, cheese-free systems. I dunno any
convention circuits, either, but I know that this pkg is made by someone who
has a pretty well iron-clad "vector" on host-sytem security, and so I
presume that convention-talks would be from a *real* authority, if presented
by the same, and (e.g.: to SAGE?) regarding the utmost of security for a
Linux host, in a whole network env. (OSDL seems to bear some real relevance
here, either - esp at their DCL/CGL projects, "for what it's worth". SELinux
could probably keep a *good* spot, in regards to that OSDL CGL working-group
- not my business is it to fuss about, granted, but it seems to bear some
real mention, given: A spot for it, heh, even if it is somehow "off topic"
from the msg.)
So, "with no added sugar, here's the most I can think to say, of how this
one thing in the pkg install script isn't working out" & "Thank you, mr.
maintainer fellow", seriously.
- schamp
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.9
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages selinux-policy-default depends on:
ii checkpolicy 1.20-1 SELinux policy compiler
ii libpam-modules 0.77-0.se5 Pluggable Authentication Modules f
ii libselinux1 1.20-1 SELinux shared libraries
ii m4 1.4.2-2 a macro processing language
ii make 3.80-9 The GNU version of the "make" util
ii policycoreutils 1.18-1 SELinux core policy utilities
ii python 2.3.4-5 An interactive high-level object-o
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
