Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListHelp with semanage...
From: Hasan Rezaul-CHR010 <CHR010_at_motorola.com>
Date: Mon, 4 Jun 2007 17:30:33 -0400
I have a Linux machine (Machine_A) running a collection of *strict* SELinux policies. On Machine_A, I am able to further modify policies by using semanage, and also add/delete policy modules using semodule. I can make changes at will successfully as many times as I want. I tarred up the entire /etc/selinux/* directory from Machine_A, and I untarred the tar-ball on another Linux machine, Machine_B. On Machine_B, I also created and mounted the /selinux/ directory. With all selinux files/dirs in place, AFTER rebooting Machine_B, SELinux policies seem to be working as expected ! At this point, I am able to execute "semanage" ONLY ONE time successfully ! Any attempts to make any further changes after the first time fails with the error below... So for example, If I create a new user-mapping with: "semanage login -a -s staff_u Admin", this first command is successful ! But every semanage command run afterwards has this same error:
semanage login -d Admin
The error message in the /var/log/messages file is: Jun 4 21:10:11 unknown python: Failed: delete SELinux user mapping name=Admin Any ideas on why I can execute semanage only ONCE ? I have tried rebooting the machine several times, to see if it helps, but it doesn't !
Also, whats the significance of the
Thanks in advance,
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 5 Jun 2007 - 08:35:18 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |