[ubuntu-hardened] targeted policy broken?

Stephen Carpenter, KSC sjc at carpanet.net
Thu Sep 14 18:25:31 BST 2006


So far so good. I figured out how to get the initial policy load
going. However the default policy doesn't work so well. Needs alot of
tweaking. I would love to get a targeted policy up and running.

So I found pearls. I installed the policy. SO far so good... first issue
was that dpkg configure phase breaks:
make: *** No rule to make target `appconfig/default_contexts', needed by
`/etc/selinux/targeted/contexts/default_contexts'.  Stop.
dpkg: error processing selinux-policy-targeted (--configure):
 subprocess post-installation script returned error exit status 2
Errors were encountered while processing:

but the files all look like they are there so I give it a try and
a make gets me:
# make
/usr/bin/checkpolicy  -o policy.20 policy.conf
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
domains/program/apache.te:301:ERROR 'duplicate declaration of alias
httpd_user_content_t' at token ';' on line 138198:
typealias httpd_sys_content_t alias httpd_user_content_t;
#line 301
/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
make: *** [policy.20] Error 1

I made a pass at fixing this, took a bit of trying, ffound the duplicate
in a macro, commented it out... then I had some other error.

Has anyone else tried this? Does anyone have a reasonably tweaked
version of the targeted policy for current ubuntu?

I really want to start playing with this.

"You can't legislate intelligence and common sense into people"
                 -- Will Rogers

More information about the ubuntu-hardened mailing list