[ubuntu-hardened] targeted policy broken?
Stephen Carpenter, KSC
sjc at carpanet.net
Thu Sep 14 18:25:31 BST 2006
So far so good. I figured out how to get the initial policy load
going. However the default policy doesn't work so well. Needs alot of
tweaking. I would love to get a targeted policy up and running.
So I found pearls. I installed the policy. SO far so good... first issue
was that dpkg configure phase breaks:
make: *** No rule to make target `appconfig/default_contexts', needed by
dpkg: error processing selinux-policy-targeted (--configure):
subprocess post-installation script returned error exit status 2
Errors were encountered while processing:
but the files all look like they are there so I give it a try and
a make gets me:
/usr/bin/checkpolicy -o policy.20 policy.conf
/usr/bin/checkpolicy: loading policy configuration from policy.conf
domains/program/apache.te:301:ERROR 'duplicate declaration of alias
httpd_user_content_t' at token ';' on line 138198:
typealias httpd_sys_content_t alias httpd_user_content_t;
/usr/bin/checkpolicy: error(s) encountered while parsing configuration
make: *** [policy.20] Error 1
I made a pass at fixing this, took a bit of trying, ffound the duplicate
in a macro, commented it out... then I had some other error.
Has anyone else tried this? Does anyone have a reasonably tweaked
version of the targeted policy for current ubuntu?
I really want to start playing with this.
"You can't legislate intelligence and common sense into people"
-- Will Rogers
More information about the ubuntu-hardened