When trying to mark a domain as permissive, the following error occurs:
/usr/sbin/semanage: compilation failed:
make: /usr/share/selinux/default/Makefile: No such file or directory
make: *** No rule to make target `/usr/share/selinux/default/Makefile'. Stop.
Looks like sepolgen uses /etc/selinux/sepolgen.conf as a way to "override" default/hardcoded values. Creating the file with the following contents makes the permissive domains work again:
Given that we support multiple SELINUXTYPE targets, I'll see what I can do to either automate this or document it properly.
In main tree, ~arch'ed
Hmm. This does not prevent the corresponding test from failing the first time (because sepolgen.conf is not installed when the test runs), but after that, everything works fine.
Hmm, chicken-or-egg problem.
I'll see if I can update the test to use a correct path
Ok, I patched sepolgen for now to include our set of paths.
I confirmed that without it, the test fails, and with it, the test goes through.
Sadly, I uncovered that the tests run with the default system python (in my case that was python-3.2) whereas sepolgen requires python-2.7 so I need to fix that as well. Also, that means one of the patches currently involved (0010) can be dropped (as that was a python-3 related change).
Time for bed now, will look into this further tomorrow.
(In reply to Sven Vermeulen from comment #5)
> Ok, I patched sepolgen for now to include our set of paths.
With which I mean, purely locally - not in the tree.
Okay, should be corrected now. I also submitted the patch upstream (did the same last time, no response).
In repo, ~arch'ed.
Stable in tree