Saturday, November 8, 2014

Debian Squeeze bug 668174 with SELinux - workaround for this problem

Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668174

I use Debian Squeeze on server and want set permissive mode from some domain.
In newer version policycoreutils this bug is repaired, but in Debian Squeeze max version is 2.0.82-3.

So I change code in two place:


1. Problem with '/var/lib/selinux'

semanage permissive -a smbd_t
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 460, in <module>
    process_args(sys.argv[1:])
  File "/usr/sbin/semanage", line 363, in process_args
    OBJECT.add(target)
  File "/usr/lib/pymodules/python2.6/seobject.py", line 275, in add
    os.chdir(dirname)
OSError: [Errno 2] No such file or directory: '/var/lib/selinux'

Change:

head -n 280 /usr/lib/pymodules/python2.6/seobject.py|tail -n 10
    def add(self, type):
               import glob
               name = "permissive_%s" % type
               #dirname = "/var/lib/selinux"
               dirname = "/usr/share/selinux"
               os.chdir(dirname)
               filename = "%s.te" % name
               modtxt = """
module %s 1.0;


2. Problem with '/usr/share/selinux/devel/'

semanage permissive -a smbd_t
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 460, in <module>
    process_args(sys.argv[1:])
  File "/usr/sbin/semanage", line 363, in process_args
    OBJECT.add(target)
  File "/usr/lib/pymodules/python2.6/seobject.py", line 291, in add
    mc.create_module_package(filename, 1)
  File "/usr/lib/pymodules/python2.6/sepolgen/module.py", line 172, in create_module_package
    self.refpol_build(sourcename)
  File "/usr/lib/pymodules/python2.6/sepolgen/module.py", line 186, in refpol_build
    raise RuntimeError("compilation failed:\n%s" % self.last_output)
RuntimeError: compilation failed:
make: /usr/share/selinux/devel/Makefile: Nie ma takiego pliku ani katalogu
make: *** Brak reguł do wykonania obiektu `/usr/share/selinux/devel/Makefile'. Stop.

Change:

 head -n 128 /usr/lib/pymodules/python2.6/sepolgen/module.py |tail -n 10
        self.checkmodule = "/usr/bin/checkmodule"
        self.semodule_package = "/usr/bin/semodule_package"
        self.output = output
        self.last_output = ""
        #self.refpol_makefile = "/usr/share/selinux/devel/Makefile"
        self.refpol_makefile = "/usr/share/selinux/default/include/Makefile"
        self.make = "/usr/bin/make"

    def o(self, str):
        if self.output:


This is works for me :)

Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)