Description of problem:
Using SEL targeted policy if that is relevant. When creating a new module using audit2allow the new policy cannot be loaded.

Version-Release number of selected component (if applicable):
Fedora 13

How reproducible:
Every time (also tried a different test module, still couldn't load it).

Steps to Reproduce:
1. Set SEL to permissive.
2. Carry out new action (starting googleearth in my case) then run "audit2allow -l -a -M filename".
3. Try to load the new module with "semodule -i filename"

Actual results:
[root@peony ~]# setenforce 0
[root@peony ~]# audit2allow -l -a -M selgoogleearth
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i selgoogleearth.pp

[root@peony ~]# semodule -i selgoogleearth.pp
libsemanage.semanage_link_sandbox: Could not access sandbox base file /etc/selinux/targeted/modules/tmp/base.pp. (No such file or directory).
semodule: Failed!
[root@peony ~]#

Expected results:
module loaded!

Additional info:
I asked about this in the Fedora forum, see thread for more info - http://forums.fedoraforum.org/showthread.php?p=1367743&posted=1#post1367743
Looks like something might be wrong with your policy install. Could you try

yum reinstall selinux-policy-targeted

and see if this blows up?
OK - as it had already been suggested on the forum, I had previously reinstalled selinux-policy and policy-targeted prior to reporting the bug. It made no difference. As you suggested it again, though, I reinstalled everything SEL-related, including replacing one (or were there two?) SEL libraries which I had somehow installed from the fedora-updates-testing repo. I removed everything, reinstalled everything from fedora.repo, and lo and behold, it works. The selgoogleearth.pp loaded fine. None of the SEL-related GUI programs work though (SEL Management or Policy Generation Tool or any setools). None of them do anything when I click on 'em, but I expect this is a Fedora foible, probably unrelated. I am looking into this.
Run system-config-selinux from the command line and see what error happens? Are you running with confined users?
Works fine now, thanks. After searching the repos with yum I found the policycoreutils-gui package, which for some reason wasn't installed along with policycoreutils as part of my boot.fedora.org installation. All the menu entries were present though, so I can forgive myself for missing a package I didn't even know existed. So whether this is an SELinux bug or a boot.fedora.org bug, or just a one-off unexplainable error with my installation, I don't know. Given the fact that different elements of SELinux had obviously not installed properly, and now this GUI thing, I guess it's a BFO bug. I'm not about to try to reproduce it though; not got the time, sorry.
OK, if it happens again, I will reopen.