When trying to mark a domain as permissive, the following error occurs: /usr/sbin/semanage: compilation failed: make: /usr/share/selinux/default/Makefile: No such file or directory make: *** No rule to make target `/usr/share/selinux/default/Makefile'. Stop. Reproducible: Always
Looks like sepolgen uses /etc/selinux/sepolgen.conf as a way to "override" default/hardcoded values. Creating the file with the following contents makes the permissive domains work again: """ SELINUX_DEVEL_PATH=/usr/share/selinux/strict/include """ Given that we support multiple SELINUXTYPE targets, I'll see what I can do to either automate this or document it properly.
In main tree, ~arch'ed
Hmm. This does not prevent the corresponding test from failing the first time (because sepolgen.conf is not installed when the test runs), but after that, everything works fine.
Hmm, chicken-or-egg problem. I'll see if I can update the test to use a correct path
Ok, I patched sepolgen for now to include our set of paths. I confirmed that without it, the test fails, and with it, the test goes through. Sadly, I uncovered that the tests run with the default system python (in my case that was python-3.2) whereas sepolgen requires python-2.7 so I need to fix that as well. Also, that means one of the patches currently involved (0010) can be dropped (as that was a python-3 related change). Time for bed now, will look into this further tomorrow.
(In reply to Sven Vermeulen from comment #5) > Ok, I patched sepolgen for now to include our set of paths. With which I mean, purely locally - not in the tree.
Okay, should be corrected now. I also submitted the patch upstream (did the same last time, no response). In repo, ~arch'ed.
Stable in tree