How to compile and apply SELinux policy
I'm a student. I want to use the policy compiled from the source code.
After compiling the policy, the following error statement is displayed.
Please tell me how to compile and apply SELinux policy.
systemd[1]: Unable to fix SELinux security context of /run/systemd/journal/dev-log: Permission denied
systemd[1]: Unable to fix SELinux security context of /run/systemd/journal/socket: Permission denied
:
systemd-journald[529]: Faild to open /run/systemd/journal/kernelseqnum, ignoring: Permission denied
:
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: backlog limit exceeded
:
The procedure I did is shown below.
Fedora 26 (linux4.11.8-300)
1) yumdownloader --source selinux-policy
2) rpm -ivh selinux-policy-3.13.1-260.8.fc26.src.rpm
3) rpmbuild -bi ~/rpmbuild/SPEC/selinux-policy.spec --define "BUILD_STRICT 0" --define "BUILD_MLS 0"
4) cd ~/rpmbuild/BUILD/selinux-3.13.1/
5) vi build.conf
----
TYPE = mcs
NAME = test
DISTRO = redhat
UNK_PERMS = allow
DIRECT_INITRC = y
MONOLITHIC = n
UBAC = n
CUSTOM_BUILDOPT =
MLS_SENS = 16
MLS_CATS = 1024
MCS_CATS = 1024
QUIET = n
----
6) make install-src
7) cd /etc/selinux/test/src/policy
8) make load
9) touch /.autorelabel
10) edit /etc/selinux/config file
11) reboot
12) "audit:backlog limit exceeded" continues to be outputted
I increased the buffer size but it did not change.
/etc/audit/audit.rules
# Set buffer size
-b 8192
fedora selinux
Run as root. Use sudo.
– enZyme
Sep 25 '17 at 8:17
The above is done with root authority.
– penpen
Sep 26 '17 at 0:48
asked Sep 25 '17 at 7:21
penpen
1 Answer
From what I can see here, you are actually not compiling and installing the policy.
To compile the policy, I would do:
- yumdownloader --source selinux-policy
- rpm -ivh selinux-policy-3.13.1-260.8.fc26.src.rpm
- rpmbuild -bp ~/rpmbuild/SPEC/selinux-policy.spec --define "BUILD_STRICT 0" --define "BUILD_MLS 0" # this patches the code with Fedora patches
- cd ~/rpmbuild/BUILD/selinux-3.13.1/
- vi build.conf
  TYPE = mcs
  NAME = test
  DISTRO = redhat
  UNK_PERMS = allow
  DIRECT_INITRC = y
  MONOLITHIC = n
  UBAC = n
  CUSTOM_BUILDOPT =
  MLS_SENS = 16
  MLS_CATS = 1024
  MCS_CATS = 1024
  QUIET = n
- make config
- make
- make install install-headers
- make load
- touch /.autorelabel
- edit /etc/selinux/config file
- reboot
edited Sep 26 '17 at 12:42
answered Sep 26 '17 at 12:34
Bigon
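A pre-reboot check for the procedure above, as an added example that is not part of the original answer: it confirms that NAME in build.conf matches SELINUXTYPE in /etc/selinux/config, that "make load" left a compiled policy and file_contexts under /etc/selinux/NAME, and that /.autorelabel exists. The function names and the optional ROOT prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names and the optional
# ROOT prefix (for checking a staging tree instead of /) are hypothetical.

# read_key FILE KEY: print the value of an uncommented "KEY = value" line.
read_key() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# check_policy_install BUILD_CONF [ROOT]: return 0 only if the policy named in
# build.conf is the one the next boot will load and relabel with.
check_policy_install() {
    build_conf=$1
    root=${2:-}
    rc=0
    name=$(read_key "$build_conf" NAME)
    if [ -z "$name" ]; then
        echo "NAME is not set in $build_conf" >&2
        return 2
    fi
    seltype=$(read_key "$root/etc/selinux/config" SELINUXTYPE)
    if [ "$seltype" != "$name" ]; then
        echo "SELINUXTYPE=$seltype but build.conf NAME=$name" >&2
        rc=1
    fi
    # "make load" should have left a compiled binary policy (policy.NN) here.
    set -- "$root/etc/selinux/$name"/policy/policy.*
    if [ ! -e "$1" ]; then
        echo "no compiled policy under $root/etc/selinux/$name/policy" >&2
        rc=1
    fi
    # The boot-time relabel needs this policy's file contexts.
    if [ ! -s "$root/etc/selinux/$name/contexts/files/file_contexts" ]; then
        echo "file_contexts missing or empty for policy $name" >&2
        rc=1
    fi
    if [ ! -e "$root/.autorelabel" ]; then
        echo "$root/.autorelabel not present; no relabel on next boot" >&2
        rc=1
    fi
    echo "policy=$name SELINUX=$(read_key "$root/etc/selinux/config" SELINUX)"
    return $rc
}

# Usage: sh check.sh ~/rpmbuild/BUILD/selinux-3.13.1/build.conf
if [ "$#" -ge 1 ]; then
    check_policy_install "$@"
fi
```

Run it as root after the "edit /etc/selinux/config file" step and before the reboot; a non-zero exit means the next boot would not load or relabel with the policy that was just built.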