SELinux Mailing List
subject: Undefined refs in compile attempt
Date: Wed, 12 Dec 2001 01:43:35 +0000

532 tar zxf sm-selinux-200111191100.tgz
541 cd selinux
542 patch -p1 < ../delete.patch
543 patch -p1 < ../avc.patch
544 patch -p1 < ../module.patch
545 patch -p1 < ../util-linux.patch
547 cd module
548 make insert
549 cd ../../lsm
550 patch -p1 < ../module.patch
553 make mrproper
554 cp -a ../old.config .config
556 make oldconfig
558 make dep
560 make bzImage
561 make modules
592 make INSTALL_MOD_PATH=/usr/src/Selinux modules_install
594 cp -a System.map ../Selinux/boot/System.map-2.4.14-lsm
595 cp -a arch/i386/boot/bzImage ../Selinux/boot/vmlinuz-2.4.14-lsm
604 cd ../selinux/module

At which point a make install fails:
cc -o checkpolicy ebitmap.o queue.o hashtab.o symtab.o sidtab.o avtab.o policydb.o services.o y.tab.o lex.yy.o checkpolicy.o -lfl
policydb.o: In function `user_destroy':
Here is the relevant part of the .config

#
# Security options
#
CONFIG_SECURITY_CAPABILITIES=y
CONFIG_SECURITY_IP=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_MLS=y

--
Nuke bin Laden: Dale Amon, CEO/MD improve the global Islandone Society gene pool. www.islandone.org

-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

From: James Morris <jmorris_at_intercode.com.au>
subject: Re: Undefined refs in compile attempt
Date: Wed, 12 Dec 2001 12:50:16 +1100 (EST)

> At which point a make install fails:

Check that you've set MLS=y in module/checkpolicy/Makefile, as mentioned in the README.MLS file.

From: Stephen Smalley <sds_at_tislabs.com>
subject: Re: Undefined refs in compile attempt
Date: Wed, 12 Dec 2001 08:54:46 -0500 (EST)

On Wed, 12 Dec 2001, Dale Amon wrote:
> Not sure why I'm getting failures in the compile. I applied all

Although this isn't related to your problem, you might want to use the latest release (2001121010). Of course, you will still need to apply the module.patch and the util-linux.patch that I posted yesterday after that release was made.

> 541 cd selinux

This should have failed. The module.patch posted yesterday was relative to the latest release, so it expected the module to already be in the lsm tree (the SELinux module has been merged into the main LSM tree, and no longer lives in the selinux archive).

> 545 patch -p1 < ../util-linux.patch

Ok, it looks like you reapplied the patch correctly here.

> At which point a make install fails:

These errors indicate that you enabled the MLS option without making the other changes described in the README.MLS file. See the help text for this option and the README.MLS file for more information. As noted there, the MLS policy component is considered experimental and has not been configured for use. Unless you really want to experiment with it, I wouldn't recommend it. Our focus has been on the RBAC and TE policies. Of course, you can even express a MLS policy as a TE configuration if you want, although the state space explodes if you have a lot of MLS levels.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

From: Dale Amon <amon_at_vnl.com>
subject: Re: Undefined refs in compile attempt
Date: Wed, 12 Dec 2001 17:45:00 +0000

> These errors indicate that you enabled the MLS option without making the

Thanks. James Morris got me past the first hurdle, but perhaps I will go back and drop the MLS option entirely for now.

Also, have you included the Andrew Morton patches in your newer release? If you are having odd compile failures on Debian systems particularly with USB enabled, it's either that or downgrade binutils to an older less strict one (or enable HOTPLUG for no other reason than that it stops the bad bit of code from being left hanging).

--
Nuke bin Laden: Dale Amon, CEO/MD improve the global Islandone Society gene pool. www.islandone.org

From: Stephen Smalley <sds_at_tislabs.com>
subject: Re: Undefined refs in compile attempt
Date: Wed, 12 Dec 2001 13:33:58 -0500 (EST)

On Wed, 12 Dec 2001, Dale Amon wrote:
> Also, have you included the Andrew Morton patches in your

No, our kernel tree is simply the mainstream kernel tree plus the LSM kernel patch and the SELinux security module. Assuming that the patches to which you refer will show up in 2.4.17, we'll just pick them up when we update to 2.4.17.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

From: Shaun Savage <savages_at_pcez.com>
subject: Admin help, Please
Date: Wed, 12 Dec 2001 14:37:17 -0800

During "install" I have three users: root, musterman, zot. root and musterman have sysadm_r and user_r roles; zot only has user_r. I can't get musterman to enter sysadm_r role. I try "newrole" but I get error

musterman,sysadm_r,sysadm_t not valid

Where/how do I check what user has what roles and how do I change the user roles?

Shaun Savage

From: Stephen Smalley <sds_at_tislabs.com>
subject: Re: Admin help, Please
Date: Thu, 13 Dec 2001 08:35:16 -0500 (EST)

On Wed, 12 Dec 2001, Shaun Savage wrote:
> I can't get musterman to enter sysadm_r role.

The authorized roles for each user are specified in the policy/users file. So if musterman has sysadm_r listed in his authorized roles in the policy/users file (and if you installed and booted with that policy, or reloaded it dynamically via 'make load'), he should be able to enter that role using newrole.

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com

From: Dale Amon <amon_at_vnl.com>
subject: Re: Undefined refs in compile attempt
Date: Fri, 14 Dec 2001 01:32:03 +0000

First, I took the newest version as Dr. Smalley suggested and applied his two patches. I also applied the patch from Andrew Morton on LKML to try to fix the problem that has shown up because of the new, more restrictive binutils. That failed. I believe the problem might be that there are occurrences of the problem that are in the lsm patch or the selinux patches as it has to do with module exit code I believe. My second choice was to back off to an older binutils and do the ld using that.
533 tar zxf 2001121010-SELINUX/lsm-selinux-2001121010.tgz
537 cd selinux/
550 cd ../selinux/module/
558 cp -a ../20011213-collective.config .config
559 make oldconfig
Downgrade to binutils_2.11.92.0.7-2_i386.deb
562 make dep

Now since I am not building for this machine, I move everything to a target "root" which I'll later tar up and copy over to the test machine:

571 cp -a System.map ../Selinux/boot/System.map-2.4.16-lsm
572 cp -a arch/i386/boot/bzImage ../Selinux/boot/vmlinuz-2.4.16-lsm
574 make INSTALL_MOD_PATH=/usr/src/Selinux/ modules_install

Since selinux doesn't have this feature, I edited the makefile and added it. After I'm done I'd be happy to supply any patchfiles I create in the process.

577 cd ../selinux/module
Patch Makefile to have ROOT variable
587 make ROOT=/usr/src/Selinux/usr/local install

At this point I'm not yet clear whether I can continue on the kernel factory or have to complete the commands in the README over on the target machine. I'm hoping not as it would be terribly awkward if I have to move the source tree across just to finish. So, I'm on to the next RTFM and RTFC step.

-- Nuke bin Laden: Dale Amon, CEO/MD improve the global Islandone Society gene pool. www.islandone.org
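
Added example (not part of the original thread, and not code from the SELinux project): Stephen Smalley's reply in the "Admin help, Please" thread says each user's authorized roles are listed in the policy/users file. The sketch below parses that file and reports which requested roles a user is not authorized for. It assumes the `user NAME roles ...;` statement form with either a single role or a brace-enclosed list; the sample file contents and the function names are constructed for illustration.

```python
import re

# Constructed sample, NOT taken from the thread. Statement syntax is an assumption:
#   user NAME roles ROLE;      or      user NAME roles { ROLE ROLE ... };
SAMPLE_USERS = """\
# system processes
user system_u roles system_r;
user root roles { user_r sysadm_r };
user musterman roles user_r;   # sysadm_r deliberately not listed here
user zot roles { user_r };
"""

# One statement: user name, then a single role or a braced role list.
# Anything between the role list and the terminating ';' is skipped.
_STMT = re.compile(r"\buser\s+(\S+)\s+roles\s+(\{[^}]*\}|[^\s;{}]+)[^;]*;")


def parse_users(text):
    """Return {user: set(roles)} from the text of a users file."""
    text = re.sub(r"#[^\n]*", "", text)  # drop '#' comments before matching
    users = {}
    for name, roles in _STMT.findall(text):
        # A user may appear in more than one statement; merge the role sets.
        users.setdefault(name, set()).update(roles.strip("{}").split())
    return users


def missing_roles(users, user, wanted):
    """Roles in `wanted` that `user` is not authorized for.

    An unknown user is authorized for nothing, so every wanted role is returned.
    """
    return sorted(set(wanted) - users.get(user, set()))


if __name__ == "__main__":
    table = parse_users(SAMPLE_USERS)
    for user in ("root", "musterman", "zot"):
        gap = missing_roles(table, user, ["user_r", "sysadm_r"])
        print(user, "authorized:", sorted(table[user]), "missing:", gap or "none")
```

A clean result from the file on disk is only half of the check in that reply: the running system must also have been booted with that policy or had it reloaded via 'make load'.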
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |