Comments (3)
HI,
If i Compile reference policy as a MLS
type in build.conf file ,then i'm getting this below error at audit2allow
run time.
libsepol.sepol_context_to_sid: could not convert system_u:system_r:systemd_cgroups_t:s0 to sid libsepol.context_from_record: type systemd_logind_t is not defined libsepol.context_from_record: could not create context structure.
generate policy using audit2allow
#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access. #Constraint rule:
mlsconstrain dir { create } ((l1 eq l2 -Fail-) or (t1 == mlsfileupgrade -Fail-) and (l1 domby l2 -Fail-) or (t1 == mlsfiledowngrade -Fail-) and (l1 dom l2) or (t1 == mlsfiledowngrade -Fail-)D
Possible cause is the source level (s15:c0.c1023) and target level (s0) are different.
The following is my build.conf file
TYPE =mls
NAME = refpolicy
UNK_PERMS = allow
DIRECT_INITRC = y
MONOLITHIC = n
UBAC = y
CUSTOM_BUILDOPT =
MLS_SENS = 16
MLS_CATS = 1024
MCS_CATS = 1024
QUIET = n
Please suggest me what was the problem...
Thanks,
from refpolicy.
Is MLS disabled in your policy? This seems like an audit2allow problem, not a refpolicy problem.
from refpolicy.
Got the solution for the above problem .
After adding the setrans. conf
file in refpolicy directory then problem solved....
Now i',m facing the other problem while in enforcement mode ,
*** Warning -- SELinux refpolicy policy relabel is required.
*** Relabeling could take a very long time, depending on file
*** system size and speed of hard drives.
cat: /.autorelabel: No such file or directory
Warning: Skipping the following R/O filesystems:
/sys/fs/cgroup
Relabeling / /dev /dev/pts /dev/shm /run /run/lock /sys
/ 100.0%
/dev 100.0%
/dev/pts 100.0%
/dev/shm 100.0%
/run 100.0%
/run/lock 100.0%
/sys 100.0%
Please suggest me what was the problem..
Thanks,
from refpolicy.
Related Issues (20)
- Problem when building policy HOT 3
- libsepol.validate_user_datum: Invalid user datum HOT 4
- How to write modules for systemd user services? HOT 7
- libsepol.sepol_string_to_security_class: unrecognized class user_namespace HOT 4
- chrome->nacl_helper: user_namespace HOT 2
- 2 questions HOT 1
- Need help with transitions HOT 1
- Container issues in enforcing mode on Debian 12 HOT 13
- How to transfer the current process or its thread to another context? HOT 4
- Possible missing rule for ssh -> java HOT 2
- Debian 12.1 statd and mountd fail to start with fixed ports HOT 13
- Question: sudo HOT 5
- [Q] Permission cmd in class io_uring not defined in policy. HOT 3
- /root directory has no label specified HOT 4
- systemd v255 executor helper
- Information Disclosure vulnerability related to SSL Private Keys and CSR used by the HTTP daemon HOT 2
- Privileged container spc_t optional HOT 11
- Configuration warnings HOT 2
- Style guide link HOT 1
- use refpolicy in bare metal,login failed with out any avc log HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from refpolicy.