Actions
Issue #6048
closed
SELinux policy won't install on CentOS 7
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Katello, SELinux
Sprint:
Sprint 65
Quarter:
Description
I follow the directions here on a fresh, up to date Centos 7 box: https://github.com/pulp/pulpcore-selinux
The policy compiles but fails to install. It says: Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/pulpcore/cil:52
Here is how I reproduce:
[vagrant@centos7 pulpcore-selinux]$ make clean
rm -f *~ *.tc *.pp *.pp.bz2
rm -rf tmp *.tar.gz
[vagrant@centos7 pulpcore-selinux]$ sudo make
make -f /usr/share/selinux/devel/Makefile pulpcore.pp
make[1]: Entering directory `/home/vagrant/pulpcore-selinux'
Compiling targeted pulpcore module
pulpcore.te:63: Warning: miscfiles_read_certs() has been deprecated, please use miscfiles_read_generic_certs() instead.
/usr/bin/checkmodule: loading policy configuration from tmp/pulpcore.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/pulpcore.mod
Creating targeted pulpcore.pp policy package
rm tmp/pulpcore.mod tmp/pulpcore.mod.fc
make[1]: Leaving directory `/home/vagrant/pulpcore-selinux'
Compressing pulpcore.pp -> pulpcore.pp.bz2
bzip2 -9 pulpcore.pp
[vagrant@centos7 pulpcore-selinux]$ sudo make install-policy
semodule -i pulpcore.pp.bz2
Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/pulpcore/cil:52
semodule: Failed!
make: *** [install-policy] Error 1
Actions
.
Update README and pulpcore.te
Changed building and installing steps in README:
Update pulpcore.te file:
Fixed: https://pulp.plan.io/issues/6048