When a new SELinux policy is built (or the policy is reloaded), the following failure occurs:

"""
libsemanage.semanage_make_sandbox: Could not copy files to sandbox /etc/selinux/strict/modules/tmp. (Permission denied)
"""

This is due to a change in policy for semanage between r9 and r10. In r10, the "modules" directory is assumed to be created using a named file transition into "semanage_store_t". On existing systems, however, the directory is already available (and with selinux_config_t).

The following simple fix resolves this issue, and will also be in r11.

"""
semanage fcontext -a -t semanage_store_t /etc/selinux/strict/modules
restorecon -R /etc/selinux/strict/modules
"""

Reproducible: Always

In hardened-dev overlay, rev 11
In main tree, ~arched
Stabilized