[DSE-Dev] SELinux: make load fails for Debian 7 rc1

Ken mantaray_1 at cox.net
Tue Mar 5 23:58:04 UTC 2013


Hello,

I have been using Debian with SELinux since the release of "Etch," and I 
have built and maintained a custom policy which I need to modify the 
source to implement.  I downloaded the new release candidate and 
installed it on a test system this weekend, and when I installed the 
SELinux policy from the source package, I was unable to successfully run 
'make load'.  The kernel is recompiled with support for SELinux set to 
default.  The only modifications made were to the Linux security 
settings.  Here are the Linux security settings:
********************************************************
NSA SELinux Support: Enabled
   NSA SELinux boot parameter default value: 1

NSA SELinux runtime disable: Disabled

NSA SELinux Development Support: Enabled

NSA SELinux AVC Statistics: Enabled

NSA SELinux checkreqprot default value: 1

NSA SELinux maximum supported policy format version: Disabled

TOMOYO Linux Support: Disabled

AppArmor Support: Disabled

Integrity Measurement Architecture(IMA): Disabled

EVM Support: Disabled

Default Security Module: SELinux
********************************************************


My difficulty presents itself before I have made any alterations to the 
policy except for the name.  I have tried installing the policy without 
changing the name as well, with the same result.  I have also tried 
disabling the Debian-specific build options, and this has not helped 
either.  Here is the error message:
********************************************************
libsepol.scope_copy_callback: procmail: Duplicate declaration in module: type/attribute procmail_tmp_t
libsemanage.semanage_link_sandbox: Link packages failed
/usr/sbin/semodule:  Failed!
make: *** [load] Error 1
********************************************************


This installation is being made to an empty partition, and I have 
checked for duplicate declarations in the policy with the following result:
********************************************************
root@localhost:/etc/selinux/strict/src/policy/policy/modules# grep -r procmail_tmp_t
services/lda.te:typealias lda_tmp_t alias procmail_tmp_t;
services/procmail.te:type procmail_tmp_t;
services/procmail.te:files_tmp_file(procmail_tmp_t)
services/procmail.te:allow procmail_t procmail_tmp_t:file manage_file_perms;
services/procmail.te:files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
services/procmail.if:           type procmail_tmp_t;
services/procmail.if:   allow $1 procmail_tmp_t:file read_file_perms;
services/procmail.if:           type procmail_tmp_t;
services/procmail.if:   rw_files_pattern($1, procmail_tmp_t, procmail_tmp_t)
root@localhost:/etc/selinux/strict/src/policy/policy/modules#
********************************************************


Please send me some information that will help me to successfully 
install the policy.

Thanks,
Ken.
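
The grep in the post matches every use of the name, including `gen_require` blocks in interface files and allow rules. As an added example (not part of the original post or of the policy sources), the Python below reports only names that more than one statement declares, so a `type` in one module and a `typealias` in another show up side by side. Assumptions: an alias name is treated as a declaration of that name, `SAMPLE` is constructed from the grep output above, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from pathlib import Path

# Constructed sample built from the grep output in the post; the lda_tmp_t and
# procmail_t declarations are assumed so that each module is self-consistent.
SAMPLE = {
    "services/lda.te": (
        "type lda_tmp_t;\n"
        "typealias lda_tmp_t alias procmail_tmp_t;\n"),
    "services/procmail.te": (
        "type procmail_t;\n"
        "type procmail_tmp_t;  # second declaration of the same name\n"
        "allow procmail_t procmail_tmp_t:file manage_file_perms;\n"),
    "services/procmail.if": (
        "gen_require(`\n\t\ttype procmail_tmp_t;\n\t')\n"
        "allow $1 procmail_tmp_t:file read_file_perms;\n"),
}
COMMENT = re.compile(r"#.*")
REQUIRE = re.compile(r"gen_require\(`.*?'\)", re.S)  # requirements, not declarations
DECL = re.compile(r"^\s*(type|attribute)\s+(\w+)([^;]*);", re.M)
TYPEALIAS = re.compile(r"^\s*typealias\s+\w+\s+alias\s+([^;]+);", re.M)

def declared_names(text):
    """Return (name, how) for every type, attribute or alias a module declares."""
    text = REQUIRE.sub("", COMMENT.sub("", text))
    found = []
    for kind, name, rest in DECL.findall(text):
        found.append((name, kind))
        inline = re.match(r"\s*alias\s+(\{[^}]*\}|\w+)", rest)  # type a_t alias b_t;
        if inline:
            found += [(a, "alias") for a in re.findall(r"\w+", inline.group(1))]
    for names in TYPEALIAS.findall(text):
        # Assumption: an alias name collides with a type of the same name.
        found += [(a, "alias") for a in re.findall(r"\w+", names)]
    return found

def find_duplicates(modules):
    """Map each name declared more than once to its sorted (file, how) list."""
    seen = defaultdict(list)
    for path, text in modules.items():
        for name, how in declared_names(text):
            seen[name].append((path, how))
    return {n: sorted(w) for n, w in seen.items() if len(w) > 1}

def scan_tree(root):
    """Run the check over every .te file below root (interface files skipped)."""
    root = Path(root)
    return find_duplicates({str(p.relative_to(root)): p.read_text()
                            for p in root.rglob("*.te")})
```

Calling `scan_tree("policy/modules")` from the policy source directory runs the same check over the real tree; `find_duplicates(SAMPLE)` returns the `procmail_tmp_t` entry with its `alias` hit in `services/lda.te` and its `type` hit in `services/procmail.te`.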
