Conversation

Notices

1. Phantasm (phnt@fluffytail.org)'s status on Wednesday, 26-Feb-2025 05:57:16 JST Phantasm
   >updating selinux policy fails every second run
   What is this magic?
   • † top dog :pedomustdie: likes this.
   • † top dog :pedomustdie: (dcc@annihilation.social)'s status on Wednesday, 26-Feb-2025 05:57:25 JST † top dog :pedomustdie:

     in reply to
     @phnt >selinux
     Why
   • Phantasm (phnt@fluffytail.org)'s status on Wednesday, 26-Feb-2025 05:58:08 JST Phantasm

     in reply to

     • † top dog :pedomustdie:
     @dcc cucked by RH thanks to my hate for Debian.
     † top dog :pedomustdie: likes this.
   • † top dog :pedomustdie: (dcc@annihilation.social)'s status on Wednesday, 26-Feb-2025 05:58:50 JST † top dog :pedomustdie:

     in reply to
     @phnt We have slackware sir
     32dc50e3f36665af5e38dd2bd4e9439d518e30d9a0ee6a59cb6cb4946a25294f.gif
   • Phantasm (phnt@fluffytail.org)'s status on Wednesday, 26-Feb-2025 06:08:05 JST Phantasm

     in reply to

     • † top dog :pedomustdie:
     • Based Stable Lunatic

     @BasedLunatic @dcc They did and in typical glowie fashion there's basically zero docs for it.

     How to package policies? Figure that one on your own.
     How to create packages? sepolicy generate --init and read through fedora's builtin policies on GitHub while avoiding the m4 macros in their buildsystem, because they don't actually exist outside of the repo.

     † top dog :pedomustdie: likes this.
   • Based Stable Lunatic (basedlunatic@annihilation.social)'s status on Wednesday, 26-Feb-2025 06:08:06 JST Based Stable Lunatic

     in reply to

     • † top dog :pedomustdie:
     @dcc @phnt Glowies invented it didn’t they? :pepe_cia:
   • Phantasm (phnt@fluffytail.org)'s status on Wednesday, 26-Feb-2025 06:10:19 JST Phantasm

     in reply to

     • † top dog :pedomustdie:
     • Based Stable Lunatic
     @BasedLunatic @dcc I think most of the actual docs are behind the payed course made by RH.
     † top dog :pedomustdie: likes this.
   • Phantasm (phnt@fluffytail.org)'s status on Thursday, 27-Feb-2025 22:14:56 JST Phantasm

     in reply to
     The magic was as usual user error. Instead of `gen_require(type whatever_t;)` I used only `type whatever_t` which triggers a redefinition of the type which then promptly fails to install the policy. The reason why it was triggering every other run is because my RPM package removed the previous policy on upgrade/reinstall for debugging reasons.
     
     Now I have a new issue:
     ```
     ERROR 'syntax error' at token 'mmap_manage_files_pattern' on line 4029:
     ```
     
     And this is one of the annoying "you are using an old version of the SELinux policy macros" issues. The macro definitions in RHEL8 don't support this type yet.
     † top dog :pedomustdie: likes this.