Source: policycoreutils
Version: 2.2.5-1
Severity: normal

I'm trying to set up SELinux on an unusually cut-down system - it only has one network service installed, plus all the infrastructure required for that, about 200 packages in total - and since this is the first time I've done anything with SELinux, it seemed best to cut the overall policy size down to the absolute minimum in order to make it easier to reason about. I managed to get it this far:

# semodule -l | grep -v Disabled
apache          2.7.3
application     1.2.0
authlogin       2.5.3
clock           1.7.1
consoletype     1.10.0
getty           1.10.0
inetd           1.13.0
init            1.20.6
libraries       2.10.1
locallogin      1.12.1
logging         1.20.4
miscfiles       1.11.0
modutils        1.14.1
mount           1.16.5
mta             2.7.3

This is an intermediate stage, obviously more stuff will be turned back on, but there are several things in here I still don't want, like 'apache' (the machine is NOT a web server). But look what happens when I try to turn any of them off:

# semodule -d apache
libsepol.print_missing_requirements: yam's global requirements were not met: type/attribute httpd_sys_content_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!

# semodule -l | grep yam
yam     1.5.0   Disabled

Since yam is not enabled, its requirements are irrelevant and should not be honored.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (501, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
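
A triage helper for the failure reported above, added here as an example and not part of the original report or of policycoreutils: it cross-references the libsepol link error with `semodule -l` output and flags unmet requirements that come from a module listed as Disabled. The function names and the combined sample listing are assumptions built from the two outputs quoted in the report.

```python
import re

# Constructed sample: a subset of the report's two `semodule -l` outputs, merged.
SEMODULE_LIST = """\
apache\t2.7.3\t
application\t1.2.0\t
init\t1.20.6\t
mta\t2.7.3\t
yam\t1.5.0\tDisabled
"""

# The error text printed by `semodule -d apache` in the report.
LINK_ERROR = (
    "libsepol.print_missing_requirements: yam's global requirements were not met: "
    "type/attribute httpd_sys_content_t (No such file or directory).\n"
    "libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).\n"
)

REQ_RE = re.compile(
    r"libsepol\.print_missing_requirements: (?P<module>\S+)'s global requirements "
    r"were not met: (?P<kind>\S+) (?P<symbol>\S+) \("
)


def parse_module_list(text):
    """Map module name -> (version, disabled) from `semodule -l` output."""
    modules = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            modules[fields[0]] = (fields[1], "Disabled" in fields[2:])
    return modules


def unmet_requirements(error_text, modules):
    """One record per unmet requirement, noting whether the requiring module is disabled."""
    findings = []
    for m in REQ_RE.finditer(error_text):
        _version, disabled = modules.get(m.group("module"), (None, False))
        findings.append({
            "module": m.group("module"),
            "kind": m.group("kind"),
            "symbol": m.group("symbol"),
            "requirer_disabled": disabled,
        })
    return findings


if __name__ == "__main__":
    for f in unmet_requirements(LINK_ERROR, parse_module_list(SEMODULE_LIST)):
        state = "DISABLED" if f["requirer_disabled"] else "enabled"
        print(f"{f['module']} ({state}) requires {f['kind']} {f['symbol']}")
```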
