I am trying to implement the SELinux patch on a Red Hat 7.1 box. I did the
Kernel build following the documentation on the NSA web site. I got to step
2 in the INSTALLING section and when I do a make install in the module
directory I get the following output:
[root@warthog module]# make install
rm -f selinux_plug/include/asm selinux_plug/arch/machine
( cd selinux_plug/include ; ln -sf asm-i386 asm)
( cd selinux_plug/arch ; ln -sf i386 machine)
mkdir -p /usr/local/selinux/flask mkdir -p /usr/local/selinux/include/linux/flask mkdir -p /usr/local/selinux/include/asm-i386/flask mkdir -p /usr/local/selinux/bin
I checked /usr/local/selinux/bin for checkpolicy to see if it was just a
permissions problem but the file does not exist. I could not find it in the
/lsm directory either. Can someone tell me what I have screwed up? Thank
you for your time.
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Wed, 24 Oct 2001, White, Tom (AZ15) wrote:
> I am trying to implement the SELinux patch on a Red Hat 7.1 box. I did the
> Kernel build following the documentation on the NSA web site. I got to step
> 2 in the INSTALLING section and when I do a make install in the module
> directory I get the following output:
Which release of SELinux are you using, and which download option did you use?
> [root@warthog module]# make install
> rm -f selinux_plug/include/asm selinux_plug/arch/machine
> ( cd selinux_plug/include ; ln -sf asm-i386 asm)
> ( cd selinux_plug/arch ; ln -sf i386 machine)
Based on this output, it looks like you are using an older release. As of the most recent release, the creation of the architecture symbolic links was moved into the selinux_plug Makefiles. In any event, this should have happened during the kernel build, so something is wrong here.
> cd ../../lsm/include/asm; install unistd.h /usr/local/selinux/include/asm
> cd selinux_plug/ss; install checkpolicy /usr/local/selinux/bin
> install: cannot stat `checkpolicy': No such file or directory
> make: *** [install] Error 1
The checkpolicy program should have been compiled during the kernel build. Again, this suggests that your kernel build didn't really succeed. Did you enable SELinux in the kernel configuration?
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Paul Krumviede <pwk_at_acm.org>
i've had occasion to wonder about the formatting of the
README file. in the BUILDING section, one is presented
with two options. the final paragraph ("To build the SELinux
module..."), while it seems to be intended for use with
the second config/build option, isn't indented. a naive
reading of the build instructions might cause someone
to (re-)build the SELinux module as if it were a loadable
kernel module, and that might cause problems.
-paul
--On Wednesday, 24 October, 2001 15:23 -0400 Stephen Smalley <sds@tislabs.com> wrote:
>
> On Wed, 24 Oct 2001, White, Tom (AZ15) wrote:
>
>> I am trying to implement the SELinux patch on a Red Hat 7.1 box. I did
>> the Kernel build following the documentation on the NSA web site. I got
>> to step 2 in the INSTALLING section and when I do a make install in the
>> module directory I get the following output:
>
> Which release of SELinux are you using, and which download option did you
> use?
>
>> [root@warthog module]# make install
>> rm -f selinux_plug/include/asm selinux_plug/arch/machine
>> ( cd selinux_plug/include ; ln -sf asm-i386 asm)
>> ( cd selinux_plug/arch ; ln -sf i386 machine)
>
> Based on this output, it looks like you are using an older release.
> As of the most recent release, the creation of the architecture symbolic
> links was moved into the selinux_plug Makefiles. In any event, this
> should have happened during the kernel build, so something is wrong here.
>
>> cd ../../lsm/include/asm; install unistd.h /usr/local/selinux/include/asm
>> cd selinux_plug/ss; install checkpolicy /usr/local/selinux/bin
>> install: cannot stat `checkpolicy': No such file or directory
>> make: *** [install] Error 1
>
> The checkpolicy program should have been compiled during the kernel build.
> Again, this suggests that your kernel build didn't really succeed. Did
> you enable SELinux in the kernel configuration?
>
> --
> Stephen D. Smalley, NAI Labs
> ssmalley@nai.com
>
>
>
>
> --
> You have received this message because you are subscribed to the selinux
> list. If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without
> quotes as the message.
>
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Wed, 24 Oct 2001, Paul Krumviede wrote:
> i've had occasion to wonder about the formatting of the
> README file. in the BUILDING section, one is presented
> with two options. the final paragraph ("To build the SELinux
> module..."), while it seems to be intended for use with
> the second config/build option, isn't indented. a naive
> reading of the build instructions might cause someone
> to (re-)build the SELinux module as if it were a loadable
> kernel module, and that might cause problems.
Oh, I see your point. I'll try to make it clearer in the README.
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Dave Nielsen <dave_at_technogeeks.com>
On Wed, 24 Oct 2001, Stephen Smalley wrote:
|
|On Wed, 24 Oct 2001, Paul Krumviede wrote:
|
|> i've had occasion to wonder about the formatting of the
|> README file. in the BUILDING section, one is presented
|> with two options. the final paragraph ("To build the SELinux
|> module..."), while it seems to be intended for use with
|> the second config/build option, isn't indented. a naive
|> reading of the build instructions might cause someone
|> to (re-)build the SELinux module as if it were a loadable
|> kernel module, and that might cause problems.
|
|Oh, I see your point. I'll try to make it clearer in the README.
|
What about breaking the instructions into two files and have the README
point the user to the file that goes with the build that he is wanting.
IE.
Install.kernel for the instructions on building inside of the kernel
or
Install.module for the instructions on building the SELinux as a modular
Dave
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Wed, 24 Oct 2001, Dave Nielsen wrote:
> What about breaking the instructions into two files and have the README
> point the user to the file that goes with the build that he is wanting.
The problem with this approach is that most of the INSTALLING instructions are identical for the two cases, so there would be a lot of duplication. I suppose you could just split the BUILDING instructions and leave the INSTALLING instructions alone, but then you have multiple files that have to be read to do a build and install.
Anyway, this is a lot of trouble for an option that we don't really support (using SELinux as a separately loaded module rather than building it into the kernel), so we could just drop these instructions entirely.
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Dave Nielsen <dave_at_technogeeks.com>
On Thu, 25 Oct 2001, Stephen Smalley wrote:
|
|On Wed, 24 Oct 2001, Dave Nielsen wrote:
|
|> What about breaking the instructions into two files and have the README
|> point the user to the file that goes with the build that he is wanting.
|
|The problem with this approach is that most of the INSTALLING instructions
|are identical for the two cases, so there would be a lot of duplication.
|I suppose you could just split the BUILDING instructions and leave the
|INSTALLING instructions alone, but then you have multiple files that have
|to be read to do a build and install.
|
|Anyway, this is a lot of trouble for an option that we don't really
|support (using SELinux as a separately loaded module rather than building
|it into the kernel), so we could just drop these instructions entirely.
Removing that section would be the best. I spent sometime on my proposel and found that 95% of it was the same and came to that same concluesion. Seeing that I was the one that brought it up I figures I should at least give it a shot.
Dave
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Dave Nielsen <dave_at_technogeeks.com>
On Wed, 24 Oct 2001, Stephen Smalley wrote:
=>
=>On Wed, 24 Oct 2001, White, Tom (AZ15) wrote:
=>
=>> I am trying to implement the SELinux patch on a Red Hat 7.1 box. I did the
=>> Kernel build following the documentation on the NSA web site. I got to step
=>> 2 in the INSTALLING section and when I do a make install in the module
=>> directory I get the following output:
=>
=>Which release of SELinux are you using, and which download option did you
=>use?
=>
my guess is he is trying one that was before the 2.4.10 release.
=>> [root@warthog module]# make install
=>> rm -f selinux_plug/include/asm selinux_plug/arch/machine
=>> ( cd selinux_plug/include ; ln -sf asm-i386 asm)
=>> ( cd selinux_plug/arch ; ln -sf i386 machine)
=>
=>Based on this output, it looks like you are using an older release.
=>As of the most recent release, the creation of the architecture symbolic
=>links was moved into the selinux_plug Makefiles. In any event, this
=>should have happened during the kernel build, so something is wrong here.
The out put looks like Pre 2.4.10 package. I Had these issues with both options on the pre 2.4.10.
I would like to say I have a fix for you besides downloading the 2.4.10 or better yet the newest one that is out right now. I had the problem and then the next day 2.4.10 was release.
=>
=>> cd ../../lsm/include/asm; install unistd.h /usr/local/selinux/include/asm
=>> cd selinux_plug/ss; install checkpolicy /usr/local/selinux/bin
=>> install: cannot stat `checkpolicy': No such file or directory
=>> make: *** [install] Error 1
=>
=>The checkpolicy program should have been compiled during the kernel build.
=>Again, this suggests that your kernel build didn't really succeed. Did
=>you enable SELinux in the kernel configuration?
=>
Dave
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: White, Tom (AZ15) <tom.white_at_honeywell.com>
I just downloaded the most recent package from the nsa.gov website. I have
lsm-selinux-200110161355. I removed the previous version from the system and
gave it another shot. I went through the build successfully. I also make it
through the install in ../selinux/module. I then edited my
../selinux/policy/users file replacing the example users with two users that
have accounts on the box. Then I try to make and get:
[root@warthog policy]# make
cat types/device.te types/devpts.te types/file.te types/network.te
types/nfs.te types/procfs.te types/security.te > all_
types.te
cat domains/system/apache.te domains/system/apmd.te domains/system/atd.te
domains/system/automount.te domains/system/car
dmgr.te domains/system/crond.te domains/system/ftpd.te domains/system/gdm.te
domains/system/getty.te domains/system/gpm.
te domains/system/hwclock.te domains/system/inetd.te
domains/system/initrc.te domains/system/init.te domains/system/ipse
c.te domains/system/kernel.te domains/system/klogd.te domains/system/kmod.te
domains/system/login.te domains/system/lpd.
te domains/system/mount.te domains/system/named.te domains/system/portmap.te
domains/system/pump.te domains/system/rlogi
nd.te domains/system/rpcd.te domains/system/rshd.te
domains/system/sendmail.te domains/system/sshd.te domains/system/sys
logd.te domains/system/tcpd.te domains/system/xfs.te
domains/system/ypbind.te > system_domains.te
cat domains/program/crontab.te domains/program/fsadm.te
domains/program/gnome-pty-helper.te domains/program/ifconfig.te domains/program/logrotate.te domains/program/lpr.te domains/program/mail.te domains/program/modutil.te domains/program/netscape.te domains/program/newrole.te domains/program/passwd.te domains/program/ping.te domains/program/run_init.te doma ins/program/ssh.te domains/program/su.te domains/program/utempter.te domains/program/xserver.te > program_domains.te
cat domains/user/user.te > user_domains.te cat domains/admin/sysadm.te > admin_domains.te cat domains/every.te system_domains.te program_domains.te user_domains.teadmin_domains.te > all_domains.te
I know I must be doing something wrong, but I don't know what. Any ideas? Thanks for the help.
-----Original Message-----
From: Dave Nielsen [mailto:dave@technogeeks.com]
Sent: Wednesday, October 24, 2001 4:52 PM
Cc: White, Tom (AZ15); selinux@tycho.nsa.gov
Subject: Re: Problems with install
On Wed, 24 Oct 2001, Stephen Smalley wrote:
=>
=>On Wed, 24 Oct 2001, White, Tom (AZ15) wrote:
=>
=>> I am trying to implement the SELinux patch on a Red Hat 7.1 box. I did
the
=>> Kernel build following the documentation on the NSA web site. I got to
step
=>> 2 in the INSTALLING section and when I do a make install in the module
=>> directory I get the following output:
=>
=>Which release of SELinux are you using, and which download option did you
=>use?
=>
my guess is he is trying one that was before the 2.4.10 release.
=>> [root@warthog module]# make install
=>> rm -f selinux_plug/include/asm selinux_plug/arch/machine
=>> ( cd selinux_plug/include ; ln -sf asm-i386 asm)
=>> ( cd selinux_plug/arch ; ln -sf i386 machine)
=>
=>Based on this output, it looks like you are using an older release.
=>As of the most recent release, the creation of the architecture symbolic
=>links was moved into the selinux_plug Makefiles. In any event, this
=>should have happened during the kernel build, so something is wrong here.
The out put looks like Pre 2.4.10 package. I Had these issues with both options on the pre 2.4.10.
I would like to say I have a fix for you besides downloading the 2.4.10 or better yet the newest one that is out right now. I had the problem and then the next day 2.4.10 was release.
=>
=>> cd ../../lsm/include/asm; install unistd.h
/usr/local/selinux/include/asm
=>> cd selinux_plug/ss; install checkpolicy /usr/local/selinux/bin
=>> install: cannot stat `checkpolicy': No such file or directory
=>> make: *** [install] Error 1
=>
=>The checkpolicy program should have been compiled during the kernel build.
=>Again, this suggests that your kernel build didn't really succeed. Did
=>you enable SELinux in the kernel configuration?
=>
Dave
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Fri, 26 Oct 2001, White, Tom (AZ15) wrote:
> make: *** [policy] Illegal instruction (core dumped)
Check the Processor type in your kernel configuration. If you left it set for the default (Pentium III) and your machine is something older, then you'll encounter this problem. Also, while you're doing that, make sure that you enabled the driver for your network card, since people often forget to do that (most aren't enabled in the default configuration). Then, prior to rebuilding in the lsm tree, cd to selinux/module/selinux_plug/ss and remove *.cp.o and checkpolicy.
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: White, Tom (AZ15) <tom.white_at_honeywell.com>
I am installing this on a P200 and I went into the kernel config and changed
this, and included my NIC drivers. I am in the process of building again. I
will let you know how this turns out. Thanks again.
-----Original Message-----
From: Stephen Smalley [mailto:sds@tislabs.com]
Sent: Friday, October 26, 2001 2:49 PM
To: White, Tom (AZ15)
Cc: selinux@tycho.nsa.gov
Subject: RE: Problems with install
On Fri, 26 Oct 2001, White, Tom (AZ15) wrote:
> make: *** [policy] Illegal instruction (core dumped)
Check the Processor type in your kernel configuration. If you left it set for the default (Pentium III) and your machine is something older, then you'll encounter this problem. Also, while you're doing that, make sure that you enabled the driver for your network card, since people often forget to do that (most aren't enabled in the default configuration). Then, prior to rebuilding in the lsm tree, cd to selinux/module/selinux_plug/ss and remove *.cp.o and checkpolicy.
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Westerman, Mark <Mark.Westerman_at_csoconline.com>
There has been an error like this on the previous version.
The problem I had was with the processor type in the kernel
build. It selected a PIII process when I only a clasic type.
Check you processor type make sure it matches what is in
you machine.
Mark
-----Original Message-----
From: White, Tom (AZ15) [mailto:tom.white@honeywell.com]
Sent: Friday, October 26, 2001 4:29 PM
To: selinux@tycho.nsa.gov
Subject: RE: Problems with install
Importance: High
I just downloaded the most recent package from the nsa.gov website. I have lsm-selinux-200110161355. I removed the previous version from the system and gave it another shot. I went through the build successfully. I also make it through the install in ../selinux/module. I then edited my ../selinux/policy/users file replacing the example users with two users that have accounts on the box. Then I try to make and get:
[root@warthog policy]# make
cat types/device.te types/devpts.te types/file.te types/network.te
types/nfs.te types/procfs.te types/security.te > all_
types.te
cat domains/system/apache.te domains/system/apmd.te domains/system/atd.te
domains/system/automount.te domains/system/car
dmgr.te domains/system/crond.te domains/system/ftpd.te domains/system/gdm.te
domains/system/getty.te domains/system/gpm.
te domains/system/hwclock.te domains/system/inetd.te
domains/system/initrc.te domains/system/init.te domains/system/ipse
c.te domains/system/kernel.te domains/system/klogd.te domains/system/kmod.te
domains/system/login.te domains/system/lpd.
te domains/system/mount.te domains/system/named.te domains/system/portmap.te
domains/system/pump.te domains/system/rlogi
nd.te domains/system/rpcd.te domains/system/rshd.te
domains/system/sendmail.te domains/system/sshd.te domains/system/sys
logd.te domains/system/tcpd.te domains/system/xfs.te
domains/system/ypbind.te > system_domains.te
cat domains/program/crontab.te domains/program/fsadm.te
domains/program/gnome-pty-helper.te domains/program/ifconfig.te domains/program/logrotate.te domains/program/lpr.te domains/program/mail.te domains/program/modutil.te domains/program/netscape.te domains/program/newrole.te domains/program/passwd.te domains/program/ping.te domains/program/run_init.te doma ins/program/ssh.te domains/program/su.te domains/program/utempter.te domains/program/xserver.te > program_domains.te
cat domains/user/user.te > user_domains.te cat domains/admin/sysadm.te > admin_domains.te cat domains/every.te system_domains.te program_domains.te user_domains.teadmin_domains.te > all_domains.te
I know I must be doing something wrong, but I don't know what. Any ideas? Thanks for the help.
-----Original Message-----
From: Dave Nielsen [mailto:dave@technogeeks.com]
Sent: Wednesday, October 24, 2001 4:52 PM
Cc: White, Tom (AZ15); selinux@tycho.nsa.gov
Subject: Re: Problems with install
On Wed, 24 Oct 2001, Stephen Smalley wrote:
=>
=>On Wed, 24 Oct 2001, White, Tom (AZ15) wrote:
=>
=>> I am trying to implement the SELinux patch on a Red Hat 7.1 box. I did
the
=>> Kernel build following the documentation on the NSA web site. I got to
step
=>> 2 in the INSTALLING section and when I do a make install in the module
=>> directory I get the following output:
=>
=>Which release of SELinux are you using, and which download option did you
=>use?
=>
my guess is he is trying one that was before the 2.4.10 release.
=>> [root@warthog module]# make install
=>> rm -f selinux_plug/include/asm selinux_plug/arch/machine
=>> ( cd selinux_plug/include ; ln -sf asm-i386 asm)
=>> ( cd selinux_plug/arch ; ln -sf i386 machine)
=>
=>Based on this output, it looks like you are using an older release.
=>As of the most recent release, the creation of the architecture symbolic
=>links was moved into the selinux_plug Makefiles. In any event, this
=>should have happened during the kernel build, so something is wrong here.
The out put looks like Pre 2.4.10 package. I Had these issues with both options on the pre 2.4.10.
I would like to say I have a fix for you besides downloading the 2.4.10 or better yet the newest one that is out right now. I had the problem and then the next day 2.4.10 was release.
=>
=>> cd ../../lsm/include/asm; install unistd.h
/usr/local/selinux/include/asm
=>> cd selinux_plug/ss; install checkpolicy /usr/local/selinux/bin
=>> install: cannot stat `checkpolicy': No such file or directory
=>> make: *** [install] Error 1
=>
=>The checkpolicy program should have been compiled during the kernel build.
=>Again, this suggests that your kernel build didn't really succeed. Did
=>you enable SELinux in the kernel configuration?
=>
Dave
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Conan Callen <ccallen_at_windowpane.com>
I had the same problem (checkpolicy core dump), and got the same advise.
After choosing the correct processor (an old pentium) it worked fine.
Conan
> There has been an error like this on the previous version.
> The problem I had was with the processor type in the kernel
> build. It selected a PIII process when I only a clasic type.
> Check you processor type make sure it matches what is in
> you machine.
>
> Mark
>
> -----Original Message-----
> From: White, Tom (AZ15) [mailto:tom.white@honeywell.com]
> Sent: Friday, October 26, 2001 4:29 PM
> To: selinux@tycho.nsa.gov
> Subject: RE: Problems with install
> Importance: High
>
>
> I just downloaded the most recent package from the nsa.gov website. I have
> lsm-selinux-200110161355. I removed the previous version from the system and
> gave it another shot. I went through the build successfully. I also make it
> through the install in ../selinux/module. I then edited my
> ../selinux/policy/users file replacing the example users with two users that
> have accounts on the box. Then I try to make and get:
>
> [root@warthog policy]# make
> cat types/device.te types/devpts.te types/file.te types/network.te
> types/nfs.te types/procfs.te types/security.te > all_
> types.te
> cat domains/system/apache.te domains/system/apmd.te domains/system/atd.te
> domains/system/automount.te domains/system/car
> dmgr.te domains/system/crond.te domains/system/ftpd.te domains/system/gdm.te
> domains/system/getty.te domains/system/gpm.
> te domains/system/hwclock.te domains/system/inetd.te
> domains/system/initrc.te domains/system/init.te domains/system/ipse
> c.te domains/system/kernel.te domains/system/klogd.te domains/system/kmod.te
> domains/system/login.te domains/system/lpd.
> te domains/system/mount.te domains/system/named.te domains/system/portmap.te
> domains/system/pump.te domains/system/rlogi
> nd.te domains/system/rpcd.te domains/system/rshd.te
> domains/system/sendmail.te domains/system/sshd.te domains/system/sys
> logd.te domains/system/tcpd.te domains/system/xfs.te
> domains/system/ypbind.te > system_domains.te
> cat domains/program/crontab.te domains/program/fsadm.te
> domains/program/gnome-pty-helper.te domains/program/ifconfig.te
> domains/program/logrotate.te domains/program/lpr.te domains/program/mail.te
> domains/program/modutil.te domains/program/n
> etscape.te domains/program/newrole.te domains/program/passwd.te
> domains/program/ping.te domains/program/run_init.te doma
> ins/program/ssh.te domains/program/su.te domains/program/utempter.te
> domains/program/xserver.te > program_domains.te
> cat domains/user/user.te > user_domains.te
> cat domains/admin/sysadm.te > admin_domains.te
> cat domains/every.te system_domains.te program_domains.te user_domains.te
> admin_domains.te > all_domains.te
> rm -f system_domains.te program_domains.te user_domains.te admin_domains.te
> cat macros.te all_types.te all_domains.te assert.te > all.te
> rm -f all_types.te all_domains.te
> m4 -s /usr/local/selinux/flask/security_classes
> /usr/local/selinux/flask/initial_sids /usr/local/selinux/flask/access_ve
> ctors all.te rbac users constraints initial_sid_contexts fs_contexts
> devfs_contexts net_contexts > policy.conf
> /usr/local/selinux/bin/checkpolicy -o policy policy.conf
> /usr/local/selinux/bin/checkpolicy: loading policy configuration from
> policy.conf
> make: *** [policy] Illegal instruction (core dumped)
>
> I know I must be doing something wrong, but I don't know what. Any ideas?
> Thanks for the help.
>
> -----Original Message-----
> From: Dave Nielsen [mailto:dave@technogeeks.com]
> Sent: Wednesday, October 24, 2001 4:52 PM
> Cc: White, Tom (AZ15); selinux@tycho.nsa.gov
> Subject: Re: Problems with install
>
>
>
>
> On Wed, 24 Oct 2001, Stephen Smalley wrote:
>
> =>
> =>On Wed, 24 Oct 2001, White, Tom (AZ15) wrote:
> =>
> =>> I am trying to implement the SELinux patch on a Red Hat 7.1 box. I did
> the
> =>> Kernel build following the documentation on the NSA web site. I got to
> step
> =>> 2 in the INSTALLING section and when I do a make install in the module
> =>> directory I get the following output:
> =>
> =>Which release of SELinux are you using, and which download option did you
> =>use?
> =>
> my guess is he is trying one that was before the 2.4.10 release.
>
> =>> [root@warthog module]# make install
> =>> rm -f selinux_plug/include/asm selinux_plug/arch/machine
> =>> ( cd selinux_plug/include ; ln -sf asm-i386 asm)
> =>> ( cd selinux_plug/arch ; ln -sf i386 machine)
> =>
> =>Based on this output, it looks like you are using an older release.
> =>As of the most recent release, the creation of the architecture symbolic
> =>links was moved into the selinux_plug Makefiles. In any event, this
> =>should have happened during the kernel build, so something is wrong here.
>
> The out put looks like Pre 2.4.10 package. I Had these issues with both
> options on the pre 2.4.10.
>
> I would like to say I have a fix for you besides downloading the 2.4.10 or
> better yet the newest one that is out right now. I had the problem and
> then the next day 2.4.10 was release.
>
> =>
> =>> cd ../../lsm/include/asm; install unistd.h
> /usr/local/selinux/include/asm
> =>> cd selinux_plug/ss; install checkpolicy /usr/local/selinux/bin
> =>> install: cannot stat `checkpolicy': No such file or directory
> =>> make: *** [install] Error 1
> =>
> =>The checkpolicy program should have been compiled during the kernel build.
> =>Again, this suggests that your kernel build didn't really succeed. Did
> =>you enable SELinux in the kernel configuration?
> =>
>
> Dave
>
> --
> You have received this message because you are subscribed to the selinux
> list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
>
> --
> You have received this message because you are subscribed to the selinux list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT