Ok I'm a little lost on this... it tells me to edit security policies, but my question is where? The installation guide on nsa.gov is a little hard to follow :) I've compiled the kernel OK but this first step seems to have thrown the whole thing off.
Frank
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Fri, 8 Jun 2001, Frank Zecca wrote:
> Ok I'm a little lost on this... it tells me to edit
>security policies, but my question is where? The installation guide on
>nsa.gov is a little hard to follow :) I've compiled the kernel OK but
>this first step seems to have thrown the whole thing off.
If you downloaded and expanded the entire distribution, you should have a slinux/policy directory that contains the example security policy configuration. The INSTALL document says to follow the instructions relative to the slinux directory, and it says to edit the policy/users file for your users. What exactly is your question?
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Emily Ratliff <ratliff_at_austin.ibm.com>
Hi,
I'm having a problem compiling SELinux. The machine has an Adaptec 7899P SCSI controller, so I have configured that in, but the SELinux compile is barfing on it. I would suspect a problem with that code, except that when I copy the .config file over to an unpatched kernel and compile that after running make oldconfig, the compile completes beautifully.
Here is the relevant output from the compile:
make[4]: Entering directory `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx'
make -C aicasm
make[5]: Entering directory `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx/aicasm'
yacc -d aicasm_gram.y
mv -f y.tab.c aicasm_gram.c
lex -t aicasm_scan.l > aicasm_scan.c
gcc -I/usr/include -ldb1 aicasm_gram.c aicasm_scan.c aicasm.c
aicasm_symbol.c -o aicasm
aicasm_symbol.c:39:20: db1/db.h: No such file or directory
make[5]: *** [aicasm] Error 1 make[5]: Leaving directory `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx/aicasm' make[4]: *** [aicasm/aicasm] Error 2 make[4]: Leaving directory `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx' make[3]: *** [first_rule] Error 2 make[3]: Leaving directory `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx' make[2]: *** [_subdir_aic7xxx] Error 2 make[2]: Leaving directory `/usr/src/slinux/kernel-2.4/drivers/scsi' make[1]: *** [_subdir_scsi] Error 2 make[1]: Leaving directory `/usr/src/slinux/kernel-2.4/drivers'make: *** [_dir_drivers] Error 2
Any suggestions?
Thanks,
Emily
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Fri, 8 Jun 2001, Emily Ratliff wrote:
> Here is the relevant output from the compile:
>
> make[4]: Entering directory `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx'
> make -C aicasm
> make[5]: Entering directory `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx/aicasm'
> yacc -d aicasm_gram.y
> mv -f y.tab.c aicasm_gram.c
> lex -t aicasm_scan.l > aicasm_scan.c
> gcc -I/usr/include -ldb1 aicasm_gram.c aicasm_scan.c aicasm.c
> aicasm_symbol.c -o aicasm
> aicasm_symbol.c:39:20: db1/db.h: No such file or directory
This doesn't look like it is related to SELinux in any way. The db1/db.h header file should exist in your /usr/include directory, as it does on my RedHat 7.1 system. I tried rebuilding the SELinux kernel with this driver enabled, and did not encounter this error.
When you say that you were able to build an unpatched kernel, do you mean the unmodified 2.4.3 sources from www.kernel.org?
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Emily Ratliff <ratliff_at_austin.ibm.com>
On Mon, 11 Jun 2001, Stephen Smalley wrote:
> This doesn't look like it is related to SELinux in any way.
I agree, however ...
> When you say that you were able to build an unpatched kernel,
> do you mean the unmodified 2.4.3 sources from www.kernel.org?
I tried with 2.4.5 from www.kernel.org on Friday and was successful. After
your message today, I tried with 2.4.3 from www.kernel.org and it failed
in exactly the say way. I'll dig around a little more and see if I can
solve this problem.
Thanks,
Emily
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Frank Zecca <frank_at_aimster.com>
Hmha!
I figured out my problem. Thanks Stephen, I was only using the kernel tarball, not the full release.
Zach: You need to get the full release package from nsa.gov and extract it to your linux box. Then the installation guide they have on their site will make perfect sense and everything should work OK. Let me know if its otherwise, I'll do my best to help you out. Keep in mind I'm fairly new to this too :)
Frank
> frank i cant even compile the kernel
> plz help me
>
>
>
> uram@cmu.edu
> "Blessed are those who have not seen and yet have faith." - John 20:29
>
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Zachary Uram <zu22_at_andrew.cmu.edu>
On Fri, 8 Jun 2001, Frank Zecca wrote:
> Zach: You need to get the full release package from nsa.gov and extract it
> make perfect sense and everything should work OK. Let me know if its
> otherwise, I'll do my best to help you out. Keep in mind I'm fairly new to
> this too :)
DOH! :)
hehe thanks.
I hope it will work with my Ultra IDE hard disk and my AGP TNT
2 video card.
uram@cmu.edu
"Blessed are those who have not seen and yet have faith." - John 20:29
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Hubertus Franke <frankeh_at_us.ibm.com>
Try to do a full "make mrproper" again.
Hubertus Franke
Enterprise Linux Group (Mgr), Linux Technology Center (Member Scalability)
, OS-PIC (Chair)
email: frankeh@us.ibm.com
(w) 914-945-2003 (fax) 914-945-4425 TL: 862-2003
Stephen Smalley <sds@tislabs.com>@tycho.nsa.gov on 06/11/2001 10:31:35 AM
Sent by: owner-selinux@tycho.nsa.gov
To: Emily Ratliff <ratliff@austin.ibm.com>
cc: selinux@tycho.nsa.gov
Subject: Re: setting up selinux
On Fri, 8 Jun 2001, Emily Ratliff wrote:
> Here is the relevant output from the compile:
>
> make[4]: Entering directory
`/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx'
> make -C aicasm
> make[5]: Entering directory
`/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx/aicasm'
> yacc -d aicasm_gram.y
> mv -f y.tab.c aicasm_gram.c
> lex -t aicasm_scan.l > aicasm_scan.c
> gcc -I/usr/include -ldb1 aicasm_gram.c aicasm_scan.c aicasm.c
> aicasm_symbol.c -o aicasm
> aicasm_symbol.c:39:20: db1/db.h: No such file or directory
This doesn't look like it is related to SELinux in any way. The db1/db.h header file should exist in your /usr/include directory, as it does on my RedHat 7.1 system. I tried rebuilding the SELinux kernel with this driver enabled, and did not encounter this error.
When you say that you were able to build an unpatched kernel, do you mean the unmodified 2.4.3 sources from www.kernel.org?
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Emily Ratliff <ratliff_at_austin.ibm.com>
Hi Hubertus,
I tried that to no avail. It turns out that the problem is that the machine has glibc-devel-2.2.2 rather than glibc-devel-2.1.3, so rather than having /usr/include/db1 I have /usr/include/db3 .
The real root of this problem is that without thinking too much about it, I tried this on Mandrake 8.0 rather than RedHat. I'll switch over to RedHat.
Emily
On Mon, 11 Jun 2001, Hubertus Franke wrote:
>
> Try to do a full "make mrproper" again.
>
> Hubertus Franke
> Enterprise Linux Group (Mgr), Linux Technology Center (Member Scalability)
> , OS-PIC (Chair)
> email: frankeh@us.ibm.com
> (w) 914-945-2003 (fax) 914-945-4425 TL: 862-2003
>
>
>
> Stephen Smalley <sds@tislabs.com>@tycho.nsa.gov on 06/11/2001 10:31:35 AM
>
> Sent by: owner-selinux@tycho.nsa.gov
>
>
> To: Emily Ratliff <ratliff@austin.ibm.com>
> cc: selinux@tycho.nsa.gov
> Subject: Re: setting up selinux
>
>
>
>
> On Fri, 8 Jun 2001, Emily Ratliff wrote:
>
> > Here is the relevant output from the compile:
> >
> > make[4]: Entering directory
> `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx'
> > make -C aicasm
> > make[5]: Entering directory
> `/usr/src/slinux/kernel-2.4/drivers/scsi/aic7xxx/aicasm'
> > yacc -d aicasm_gram.y
> > mv -f y.tab.c aicasm_gram.c
> > lex -t aicasm_scan.l > aicasm_scan.c
> > gcc -I/usr/include -ldb1 aicasm_gram.c aicasm_scan.c aicasm.c
> > aicasm_symbol.c -o aicasm
> > aicasm_symbol.c:39:20: db1/db.h: No such file or directory
>
> This doesn't look like it is related to SELinux in any way.
> The db1/db.h header file should exist in your /usr/include
> directory, as it does on my RedHat 7.1 system. I tried
> rebuilding the SELinux kernel with this driver enabled, and
> did not encounter this error.
>
> When you say that you were able to build an unpatched kernel,
> do you mean the unmodified 2.4.3 sources from www.kernel.org?
>
> --
> Stephen D. Smalley, NAI Labs
> ssmalley@nai.com
>
>
>
>
>
>
> --
> You have received this message because you are subscribed to the selinux
> list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
>
>
>
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:53 EDT