[refpolicy] Problem about audit-test-2090 + refpolicy-2.20091117

Paul Moore paul.moore at hp.com
Wed Aug 18 10:29:53 CDT 2010


On Wed, 2010-08-18 at 13:24 +0000, TaurusHarry wrote:
> Many many thanks for your response!
>  
> Well, after I installed the SELinux header properly, I could enter
> audit-test/utils/selinux-policy/ and successfully built lspp_test.pp
> there; however, I ran into the error messages below when trying to insert
> it:
>  
> [root/secadm_r/s0 at qemu-host selinux-policy]# semodule -i lspp_test.pp
> libsepol.expand_terule_helper: conflicting TE rule for
> ( lspp_test_generic_t, sepgsql_db_t:db_table): old was
> user_sepgsql_table_t, new is sepgsql_table_t
> libsepol.expand_module: Error during expand
> libsemanage.semanage_expand_sandbox: Expand module failed
> semodule: Failed!
> [root/secadm_r/s0 at qemu-host selinux-policy]#
>  
> Very honestly speaking, I am clueless about such an error message, so I
> tried to compile lspp_test.pp along with the refpolicy source code just to
> see if the problem would simply disappear. Do you have any comments
> or suggestions about it?

Hmm, it looks like perhaps there is a conflict with the sepostgres
policy?  I'm not sure, I haven't built this policy on recent versions of
the refpolicy.  I've heard rumors that some of the RH guys are running
audit-test on recent versions of Fedora/RHEL6 but I don't know if that
includes all of the LSPP bits, e.g. the lspp_test policy module.
 
If you want to play with SELinux policy, we're always accepting
patches :)

> Moreover, audit-test-2090 seems to be a little "older" than
> refpolicy-2.20091117; for example, lspp_test.te calls
> mls_file_read_up() rather than the expected
> mls_file_read_all_levels(). Do you know if I could find a later
> version of the audit-test package or a later version of the
> lspp_test.* files?

You can always find the latest bits in the audit-test SVN repo on
sf.net, however, I must admit that currently we've only tested it
against RHEL5.x and some older Fedora releases.

-- 
paul moore
linux @ hp
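
Added example, not part of either message and not code from audit-test or refpolicy: libsepol raises "conflicting TE rule" when, after attributes are expanded, two type_transition (or type_change/type_member) rules share the same source, target and class but name different result types. The sketch below models that check in simplified form (single names only, no type or class sets); the attribute names, their membership and the rules are constructed so that the output matches the error quoted above, and are not taken from the real policy sources.

```python
import re
from itertools import product

# Constructed sample input: attribute names and membership are hypothetical.
ATTRIBUTES = {
    "example_attr_a": {"lspp_test_generic_t", "user_t"},
    "example_attr_b": {"lspp_test_generic_t", "httpd_t"},
}
# Constructed rules: two attribute-based rules that overlap on one domain.
RULES = """
type_transition example_attr_a sepgsql_db_t:db_table user_sepgsql_table_t;
type_transition example_attr_b sepgsql_db_t:db_table sepgsql_table_t;
type_transition other_t sepgsql_db_t:db_table sepgsql_table_t;
"""

RULE_RE = re.compile(
    r"^(type_transition|type_change|type_member)\s+(\S+)\s+(\S+):(\S+)\s+(\S+);$")

def expand(name, attributes):
    """Return the concrete types a name stands for (attribute or single type)."""
    return sorted(attributes.get(name, {name}))

def find_conflicts(rules_text, attributes):
    """Expand each rule; report keys that end up with two different result types."""
    seen = {}        # (kind, source, target, class) -> result type of first rule
    conflicts = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        kind, src, tgt, cls, default = m.groups()
        for s, t in product(expand(src, attributes), expand(tgt, attributes)):
            old = seen.setdefault((kind, s, t, cls), default)
            if old != default:
                conflicts.append((s, t, cls, old, default))
    return conflicts

def format_conflict(conflict):
    """Render a conflict in the same shape as the libsepol message."""
    return "conflicting TE rule for (%s, %s:%s): old was %s, new is %s" % conflict

if __name__ == "__main__":
    for c in find_conflicts(RULES, ATTRIBUTES):
        print(format_conflict(c))
```

Neither rule names lspp_test_generic_t directly; the conflict appears only after expansion, which is why searching the .te files for that type name alone may not locate the two rules involved.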




