seedit-devel Mailing List for SELinux Policy Editor
Brought to you by:
ynakam
Menu
▾
▴
seedit-devel — Discussion about development of SELinux Policy Editor
You can subscribe to this list here.
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(10) |
Aug
(1) |
Sep
|
Oct
(3) |
Nov
(3) |
Dec
|
| 2007 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
(5) |
Jun
(3) |
Jul
|
Aug
(7) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2008 |
Jan
|
Feb
|
Mar
(4) |
Apr
(4) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Yuichi N. <him...@mi...> - 2008-04-29 12:33:02
|
Hi. On Tue, 29 Apr 2008 16:38:29 +0530 "shaunak saha" <rea...@gm...> wrote: > Hi , > > I m trying to run an application in an arm target. I m following the > directions given here. > http://seedit.svn.sourceforge.net/svnroot/seedit/trunk/README.cross > > My root filesystem inside the target is cramfs and the application i m > trying to execute is in ext3 filesystem which is mounted in a directory in > root filesystem. > When i try to execute the eapplication it givving me all this avc denied > arror > > *audit(56.939:5): avc: denied { read write } for pid=362 > comm="selinux_arm" na > me="ttyS0" dev=tmpfs ino=412 scontext=system_u:system_r:selinux_arm_t > tcontext=s > ystem_u:object_r:unlabeled_t tclass=chr_file > audit(56.970:6): avc: denied { search } for pid=362 comm="selinux_arm" > name=" > /" dev=mtdblock2 ino=76 scontext=system_u:system_r:selinux_arm_t > tcontext=system > _u:object_r:unlabeled_t tclass=dir > audit(56.979:7): avc: denied { read } for pid=362 comm="selinux_arm" > name="ld > .so.cache" dev=mtdblock2 ino=253124 scontext=system_u:system_r:selinux_arm_t > tco > ntext=system_u:object_r:unlabeled_t tclass=lnk_file > audit(56.999:8): avc: denied { search } for pid=362 comm="selinux_arm" > name=" > /" dev=mtdblock4 ino=2 scontext=system_u:system_r:selinux_arm_t > tcontext=system_ > u:object_r:dir_opt_xocean_t tclass=dir > audit(57.020:9): avc: denied { read } for pid=362 comm="selinux_arm" > name="li > bc-2.5.so" dev=mtdblock2 ino=1063684 > scontext=system_u:system_r:selinux_arm_t tc > ontext=system_u:object_r:unlabeled_t tclass=file > audit(57.040:10): avc: denied { execute } for pid=362 comm="selinux_arm" > name > ="libc-2.5.so" dev=mtdblock2 ino=1063684 > scontext=system_u:system_r:selinux_arm_ > t tcontext=system_u:object_r:unlabeled_t tclass=file > audit(57.059:11): avc: denied { write } for pid=362 comm="selinux_arm" > name=" > test.txt" dev=mtdblock4 ino=14 scontext=system_u:system_r:selinux_arm_t > tcontext > =system_u:object_r:opt_xocean_testdtxt_t tclass=file > audit(57.080:12): avc: denied { ioctl } for pid=362 comm="selinux_arm" > name=" > console" dev=mtdblock2 ino=1 scontext=system_u:system_r:selinux_arm_t > tcontext=s > ystem_u:object_r:unlabeled_t tclass=chr_file* > ** > For the application i m creating the policy in host usding sedit and then > copying the whole policy_root directory in the /etc/selinux/seedit in the > root filesystem. > > My root filesystem is flashed in /dev/mtd2 and ext3 files in /dev/mtd4 > ls -Z in root filesystem shows that all the directories except /dev > ,/selinux ,/proc and /sys are labeled as *romfs_t*. > > Please help. It seems that /opt is mounted as ext3, and files under /opt is labeled properly. However, files under /dev are not labeled properly. You may have to restorecon -R /dev at boot time(in rc.sysinit). And can you tell me the full path of "console" and "libc-2.5.so" and can you try ls -Z for them? They are "unlabeled_t" for some reason, I want to find why. > > Regards, > Shaunak > > > > On Thu, Mar 20, 2008 at 9:31 AM, shaunak saha <rea...@gm...> > wrote: > > > Hi all, > > > > I m able to remove the "undefined reference" error now. I found some info > > about how to remove this here : > > > > http://www.nsa.gov/selinux/list-archive/0708/22031.cfm and followed it.So > > it is gone now. > > > > I removed -z,defs from the src/Makefile.But i dont know the consequences > > of this. > > > > Thanks and Regards, > > Shaunak > > > > On Wed, Mar 19, 2008 at 6:22 PM, shaunak saha <rea...@gm...> > > wrote: > > > > > > > > Hi, > > > > > > Many thanks.Its now working.I have taken libselinux version > > > 2.0.59.Previously it was 1.34.15. > > > > > > but now I m getting one more problem. > > > > > > *matchpathcon.lo: In function `add_array_elt': > > > matchpathcon.c:(.text+0x20): undefined reference to `__tls_get_addr' > > > matchpathcon.c:(.text+0x44): undefined reference to `__tls_get_addr' > > > matchpathcon.c:(.text+0x60): undefined reference to `__tls_get_addr' > > > matchpathcon.c:(.text+0x78): undefined reference to `__tls_get_addr' > > > matchpathcon.c:(.text+0x90): undefined reference to `__tls_get_addr' > > > matchpathcon.lo:matchpathcon.c:(.text+0xc0): more undefined references > > > to `__tls_get_addr' follow > > > collect2: ld returned 1 exit status > > > * > > > ** > > > This maybe my problem with not setting the environment properly for my > > > cross compiler toolchain.I m not sure about that.Just asked if anyone faced > > > this problem before and know the silution for this. > > > > > > Thanks and Regards, > > > Shaunak > > > > > > On Wed, Mar 19, 2008 at 1:52 PM, Yuichi Nakamura < > > > yn...@hi...> wrote: > > > > > > > Hi. > > > > > > > > On Wed, 19 Mar 2008 13:33:33 +0530 > > > > "shaunak saha" wrote: > > > > > Hi all, > > > > > > > > > > This is shaunak. I m new to selinux.Trying to learn it .I found > > > > seedit a > > > > > very nice tool.Using it i m able to frame a policy for a sample > > > > > client-server application.Now i want that application to be executed > > > > on an > > > > > arm board.So i m trying to build libselinux for arm.I got the > > > > toolchain for > > > > > my board.I used this command to build libselinux: > > > > > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > > > > > where in my arch i gave arm and in CC the path of my cross compiler. > > > > > Is this command right? > > > > > It gives this error after sometime. > > > > > > > > > > *cannot find -lsepol > > > > > collect2: ld returned 1 exit status > > > > > make[1]: *** [libselinux.so.1] Error 1* > > > > > ** > > > > > Now do i have to cross compile libsepol? > > > > It depends on version of libselinux. > > > > If you use libselinux 2.0.35 or later, > > > > you do not have to cross-compile libsepol, > > > > but you have to pass > > > > EMBEDDED=y like below. > > > > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > > > > EMBEDDED=y > > > > See: > > > > http://marc.info/?l=selinux&m=118064545200576&w=2 > > > > > > > > But you have to cross compile libsepol if you use BusyBox. > > > > BusyBox requires libsepol on build time. > > > > # You do not have to copy libsepol to board. > > > > Cross compiling libsepol is easy. > > > > make CC=<your cross compiler> > > > > > > > > > Is there any good document available which will tell how to compile > > > > > libselinux for arm? > > > > Here is patch list: > > > > http://elinux.org/SELinux > > > > but not enough documentation. > > > > I will modify README.cross. > > > > > > > > And I am going to give talk about Embeded SELinux in US. > > > > http://embeddedlinuxconference.com/elc2008/index.html > > > > > > > > > > > > > > Thanks and Regards > > > > > Shaunak > > > > > * > > > > > * > > > > > > > > -- > > > > Yuichi Nakamura > > > > Hitachi Software Engineering Co., Ltd. > > > > Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ > > > > SELinux Policy Editor: http://seedit.sourceforge.net/ > > > > > > > > > > > > > > > > ------------------------------------------------------------------------- > > > > This SF.net email is sponsored by: Microsoft > > > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > > > _______________________________________________ > > > > Seedit-devel mailing list > > > > See...@li... > > > > https://lists.sourceforge.net/lists/listinfo/seedit-devel > > > > > > > > > > > > > |
|
From: shaunak s. <rea...@gm...> - 2008-04-29 11:08:39
|
Hi , I m trying to run an application in an arm target. I m following the directions given here. http://seedit.svn.sourceforge.net/svnroot/seedit/trunk/README.cross My root filesystem inside the target is cramfs and the application i m trying to execute is in ext3 filesystem which is mounted in a directory in root filesystem. When i try to execute the eapplication it givving me all this avc denied arror *audit(56.939:5): avc: denied { read write } for pid=362 comm="selinux_arm" na me="ttyS0" dev=tmpfs ino=412 scontext=system_u:system_r:selinux_arm_t tcontext=s ystem_u:object_r:unlabeled_t tclass=chr_file audit(56.970:6): avc: denied { search } for pid=362 comm="selinux_arm" name=" /" dev=mtdblock2 ino=76 scontext=system_u:system_r:selinux_arm_t tcontext=system _u:object_r:unlabeled_t tclass=dir audit(56.979:7): avc: denied { read } for pid=362 comm="selinux_arm" name="ld .so.cache" dev=mtdblock2 ino=253124 scontext=system_u:system_r:selinux_arm_t tco ntext=system_u:object_r:unlabeled_t tclass=lnk_file audit(56.999:8): avc: denied { search } for pid=362 comm="selinux_arm" name=" /" dev=mtdblock4 ino=2 scontext=system_u:system_r:selinux_arm_t tcontext=system_ u:object_r:dir_opt_xocean_t tclass=dir audit(57.020:9): avc: denied { read } for pid=362 comm="selinux_arm" name="li bc-2.5.so" dev=mtdblock2 ino=1063684 scontext=system_u:system_r:selinux_arm_t tc ontext=system_u:object_r:unlabeled_t tclass=file audit(57.040:10): avc: denied { execute } for pid=362 comm="selinux_arm" name ="libc-2.5.so" dev=mtdblock2 ino=1063684 scontext=system_u:system_r:selinux_arm_ t tcontext=system_u:object_r:unlabeled_t tclass=file audit(57.059:11): avc: denied { write } for pid=362 comm="selinux_arm" name=" test.txt" dev=mtdblock4 ino=14 scontext=system_u:system_r:selinux_arm_t tcontext =system_u:object_r:opt_xocean_testdtxt_t tclass=file audit(57.080:12): avc: denied { ioctl } for pid=362 comm="selinux_arm" name=" console" dev=mtdblock2 ino=1 scontext=system_u:system_r:selinux_arm_t tcontext=s ystem_u:object_r:unlabeled_t tclass=chr_file* ** For the application i m creating the policy in host usding sedit and then copying the whole policy_root directory in the /etc/selinux/seedit in the root filesystem. My root filesystem is flashed in /dev/mtd2 and ext3 files in /dev/mtd4 ls -Z in root filesystem shows that all the directories except /dev ,/selinux ,/proc and /sys are labeled as *romfs_t*. Please help. Regards, Shaunak On Thu, Mar 20, 2008 at 9:31 AM, shaunak saha <rea...@gm...> wrote: > Hi all, > > I m able to remove the "undefined reference" error now. I found some info > about how to remove this here : > > http://www.nsa.gov/selinux/list-archive/0708/22031.cfm and followed it.So > it is gone now. > > I removed -z,defs from the src/Makefile.But i dont know the consequences > of this. > > Thanks and Regards, > Shaunak > > On Wed, Mar 19, 2008 at 6:22 PM, shaunak saha <rea...@gm...> > wrote: > > > > > Hi, > > > > Many thanks.Its now working.I have taken libselinux version > > 2.0.59.Previously it was 1.34.15. > > > > but now I m getting one more problem. > > > > *matchpathcon.lo: In function `add_array_elt': > > matchpathcon.c:(.text+0x20): undefined reference to `__tls_get_addr' > > matchpathcon.c:(.text+0x44): undefined reference to `__tls_get_addr' > > matchpathcon.c:(.text+0x60): undefined reference to `__tls_get_addr' > > matchpathcon.c:(.text+0x78): undefined reference to `__tls_get_addr' > > matchpathcon.c:(.text+0x90): undefined reference to `__tls_get_addr' > > matchpathcon.lo:matchpathcon.c:(.text+0xc0): more undefined references > > to `__tls_get_addr' follow > > collect2: ld returned 1 exit status > > * > > ** > > This maybe my problem with not setting the environment properly for my > > cross compiler toolchain.I m not sure about that.Just asked if anyone faced > > this problem before and know the silution for this. > > > > Thanks and Regards, > > Shaunak > > > > On Wed, Mar 19, 2008 at 1:52 PM, Yuichi Nakamura < > > yn...@hi...> wrote: > > > > > Hi. > > > > > > On Wed, 19 Mar 2008 13:33:33 +0530 > > > "shaunak saha" wrote: > > > > Hi all, > > > > > > > > This is shaunak. I m new to selinux.Trying to learn it .I found > > > seedit a > > > > very nice tool.Using it i m able to frame a policy for a sample > > > > client-server application.Now i want that application to be executed > > > on an > > > > arm board.So i m trying to build libselinux for arm.I got the > > > toolchain for > > > > my board.I used this command to build libselinux: > > > > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > > > > where in my arch i gave arm and in CC the path of my cross compiler. > > > > Is this command right? > > > > It gives this error after sometime. > > > > > > > > *cannot find -lsepol > > > > collect2: ld returned 1 exit status > > > > make[1]: *** [libselinux.so.1] Error 1* > > > > ** > > > > Now do i have to cross compile libsepol? > > > It depends on version of libselinux. > > > If you use libselinux 2.0.35 or later, > > > you do not have to cross-compile libsepol, > > > but you have to pass > > > EMBEDDED=y like below. > > > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > > > EMBEDDED=y > > > See: > > > http://marc.info/?l=selinux&m=118064545200576&w=2 > > > > > > But you have to cross compile libsepol if you use BusyBox. > > > BusyBox requires libsepol on build time. > > > # You do not have to copy libsepol to board. > > > Cross compiling libsepol is easy. > > > make CC=<your cross compiler> > > > > > > > Is there any good document available which will tell how to compile > > > > libselinux for arm? > > > Here is patch list: > > > http://elinux.org/SELinux > > > but not enough documentation. > > > I will modify README.cross. > > > > > > And I am going to give talk about Embeded SELinux in US. > > > http://embeddedlinuxconference.com/elc2008/index.html > > > > > > > > > > > Thanks and Regards > > > > Shaunak > > > > * > > > > * > > > > > > -- > > > Yuichi Nakamura > > > Hitachi Software Engineering Co., Ltd. > > > Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ > > > SELinux Policy Editor: http://seedit.sourceforge.net/ > > > > > > > > > > > > ------------------------------------------------------------------------- > > > This SF.net email is sponsored by: Microsoft > > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > > _______________________________________________ > > > Seedit-devel mailing list > > > See...@li... > > > https://lists.sourceforge.net/lists/listinfo/seedit-devel > > > > > > > > |
|
From: Yuichi N. <yn...@hi...> - 2008-04-02 08:04:24
|
Hi. > *system_u:object_r:romfs_t What is your file system? To use SELinux, file system must support xattr(Extended attribute). ext3, ext2, jffs2 support xattr. Yaffs2, logfs, cramfs do not support xattr. On Wed, 2 Apr 2008 13:21:24 +0530 "shaunak saha" <rea...@gm...> wrote: > Hi all, > > I m trying to execute and selinux application in an arm target which just > tries to open a file.I have followed the instructions given here: > > http://seedit.svn.sourceforge.net/svnroot/seedit/trunk/README.cross > > But it is not working.Every time it is unable to open the file even when in > the policy rule i have given access to the file. > > And for all the files in the target the context is: > *system_u:object_r:romfs_t:s0* > ** > How is this happening? > > Please help > > Thanks and Regards, > Shaunak -- Yuichi Nakamura Hitachi Software Engineering Co., Ltd. Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ SELinux Policy Editor: http://seedit.sourceforge.net/ |
|
From: shaunak s. <rea...@gm...> - 2008-04-02 07:51:26
|
Hi all, I m trying to execute and selinux application in an arm target which just tries to open a file.I have followed the instructions given here: http://seedit.svn.sourceforge.net/svnroot/seedit/trunk/README.cross But it is not working.Every time it is unable to open the file even when in the policy rule i have given access to the file. And for all the files in the target the context is: *system_u:object_r:romfs_t:s0* ** How is this happening? Please help Thanks and Regards, Shaunak |
|
From: shaunak s. <rea...@gm...> - 2008-03-20 04:01:09
|
Hi all, I m able to remove the "undefined reference" error now. I found some info about how to remove this here : http://www.nsa.gov/selinux/list-archive/0708/22031.cfm and followed it.So it is gone now. I removed -z,defs from the src/Makefile.But i dont know the consequences of this. Thanks and Regards, Shaunak On Wed, Mar 19, 2008 at 6:22 PM, shaunak saha <rea...@gm...> wrote: > > Hi, > > Many thanks.Its now working.I have taken libselinux version > 2.0.59.Previously it was 1.34.15. > > but now I m getting one more problem. > > *matchpathcon.lo: In function `add_array_elt': > matchpathcon.c:(.text+0x20): undefined reference to `__tls_get_addr' > matchpathcon.c:(.text+0x44): undefined reference to `__tls_get_addr' > matchpathcon.c:(.text+0x60): undefined reference to `__tls_get_addr' > matchpathcon.c:(.text+0x78): undefined reference to `__tls_get_addr' > matchpathcon.c:(.text+0x90): undefined reference to `__tls_get_addr' > matchpathcon.lo:matchpathcon.c:(.text+0xc0): more undefined references to > `__tls_get_addr' follow > collect2: ld returned 1 exit status > * > ** > This maybe my problem with not setting the environment properly for my > cross compiler toolchain.I m not sure about that.Just asked if anyone > faced this problem before and know the silution for this. > > Thanks and Regards, > Shaunak > > On Wed, Mar 19, 2008 at 1:52 PM, Yuichi Nakamura <yn...@hi...> > wrote: > > > Hi. > > > > On Wed, 19 Mar 2008 13:33:33 +0530 > > "shaunak saha" wrote: > > > Hi all, > > > > > > This is shaunak. I m new to selinux.Trying to learn it .I found seedit > > a > > > very nice tool.Using it i m able to frame a policy for a sample > > > client-server application.Now i want that application to be executed > > on an > > > arm board.So i m trying to build libselinux for arm.I got the > > toolchain for > > > my board.I used this command to build libselinux: > > > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > > > where in my arch i gave arm and in CC the path of my cross compiler. > > > Is this command right? > > > It gives this error after sometime. > > > > > > *cannot find -lsepol > > > collect2: ld returned 1 exit status > > > make[1]: *** [libselinux.so.1] Error 1* > > > ** > > > Now do i have to cross compile libsepol? > > It depends on version of libselinux. > > If you use libselinux 2.0.35 or later, > > you do not have to cross-compile libsepol, > > but you have to pass > > EMBEDDED=y like below. > > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > > EMBEDDED=y > > See: > > http://marc.info/?l=selinux&m=118064545200576&w=2 > > > > But you have to cross compile libsepol if you use BusyBox. > > BusyBox requires libsepol on build time. > > # You do not have to copy libsepol to board. > > Cross compiling libsepol is easy. > > make CC=<your cross compiler> > > > > > Is there any good document available which will tell how to compile > > > libselinux for arm? > > Here is patch list: > > http://elinux.org/SELinux > > but not enough documentation. > > I will modify README.cross. > > > > And I am going to give talk about Embeded SELinux in US. > > http://embeddedlinuxconference.com/elc2008/index.html > > > > > > > > Thanks and Regards > > > Shaunak > > > * > > > * > > > > -- > > Yuichi Nakamura > > Hitachi Software Engineering Co., Ltd. > > Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ > > SELinux Policy Editor: http://seedit.sourceforge.net/ > > > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Microsoft > > Defy all challenges. Microsoft(R) Visual Studio 2008. > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > _______________________________________________ > > Seedit-devel mailing list > > See...@li... > > https://lists.sourceforge.net/lists/listinfo/seedit-devel > > > > |
|
From: shaunak s. <rea...@gm...> - 2008-03-19 12:52:55
|
Hi, Many thanks.Its now working.I have taken libselinux version 2.0.59.Previously it was 1.34.15. but now I m getting one more problem. *matchpathcon.lo: In function `add_array_elt': matchpathcon.c:(.text+0x20): undefined reference to `__tls_get_addr' matchpathcon.c:(.text+0x44): undefined reference to `__tls_get_addr' matchpathcon.c:(.text+0x60): undefined reference to `__tls_get_addr' matchpathcon.c:(.text+0x78): undefined reference to `__tls_get_addr' matchpathcon.c:(.text+0x90): undefined reference to `__tls_get_addr' matchpathcon.lo:matchpathcon.c:(.text+0xc0): more undefined references to `__tls_get_addr' follow collect2: ld returned 1 exit status* ** This maybe my problem with not setting the environment properly for my cross compiler toolchain.I m not sure about that.Just asked if anyone faced this problem before and know the silution for this. Thanks and Regards, Shaunak On Wed, Mar 19, 2008 at 1:52 PM, Yuichi Nakamura <yn...@hi...> wrote: > Hi. > > On Wed, 19 Mar 2008 13:33:33 +0530 > "shaunak saha" wrote: > > Hi all, > > > > This is shaunak. I m new to selinux.Trying to learn it .I found seedit a > > very nice tool.Using it i m able to frame a policy for a sample > > client-server application.Now i want that application to be executed on > an > > arm board.So i m trying to build libselinux for arm.I got the toolchain > for > > my board.I used this command to build libselinux: > > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > > where in my arch i gave arm and in CC the path of my cross compiler. > > Is this command right? > > It gives this error after sometime. > > > > *cannot find -lsepol > > collect2: ld returned 1 exit status > > make[1]: *** [libselinux.so.1] Error 1* > > ** > > Now do i have to cross compile libsepol? > It depends on version of libselinux. > If you use libselinux 2.0.35 or later, > you do not have to cross-compile libsepol, > but you have to pass > EMBEDDED=y like below. > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > EMBEDDED=y > See: > http://marc.info/?l=selinux&m=118064545200576&w=2 > > But you have to cross compile libsepol if you use BusyBox. > BusyBox requires libsepol on build time. > # You do not have to copy libsepol to board. > Cross compiling libsepol is easy. > make CC=<your cross compiler> > > > Is there any good document available which will tell how to compile > > libselinux for arm? > Here is patch list: > http://elinux.org/SELinux > but not enough documentation. > I will modify README.cross. > > And I am going to give talk about Embeded SELinux in US. > http://embeddedlinuxconference.com/elc2008/index.html > > > > > Thanks and Regards > > Shaunak > > * > > * > > -- > Yuichi Nakamura > Hitachi Software Engineering Co., Ltd. > Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ > SELinux Policy Editor: http://seedit.sourceforge.net/ > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Seedit-devel mailing list > See...@li... > https://lists.sourceforge.net/lists/listinfo/seedit-devel > |
|
From: Yuichi N. <yn...@hi...> - 2008-03-19 08:22:15
|
Hi. On Wed, 19 Mar 2008 13:33:33 +0530 "shaunak saha" wrote: > Hi all, > > This is shaunak. I m new to selinux.Trying to learn it .I found seedit a > very nice tool.Using it i m able to frame a policy for a sample > client-server application.Now i want that application to be executed on an > arm board.So i m trying to build libselinux for arm.I got the toolchain for > my board.I used this command to build libselinux: > make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= > where in my arch i gave arm and in CC the path of my cross compiler. > Is this command right? > It gives this error after sometime. > > *cannot find -lsepol > collect2: ld returned 1 exit status > make[1]: *** [libselinux.so.1] Error 1* > ** > Now do i have to cross compile libsepol? It depends on version of libselinux. If you use libselinux 2.0.35 or later, you do not have to cross-compile libsepol, but you have to pass EMBEDDED=y like below. make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= EMBEDDED=y See: http://marc.info/?l=selinux&m=118064545200576&w=2 But you have to cross compile libsepol if you use BusyBox. BusyBox requires libsepol on build time. # You do not have to copy libsepol to board. Cross compiling libsepol is easy. make CC=<your cross compiler> > Is there any good document available which will tell how to compile > libselinux for arm? Here is patch list: http://elinux.org/SELinux but not enough documentation. I will modify README.cross. And I am going to give talk about Embeded SELinux in US. http://embeddedlinuxconference.com/elc2008/index.html > > Thanks and Regards > Shaunak > * > * -- Yuichi Nakamura Hitachi Software Engineering Co., Ltd. Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ SELinux Policy Editor: http://seedit.sourceforge.net/ |
|
From: shaunak s. <rea...@gm...> - 2008-03-19 08:03:34
|
Hi all, This is shaunak. I m new to selinux.Trying to learn it .I found seedit a very nice tool.Using it i m able to frame a policy for a sample client-server application.Now i want that application to be executed on an arm board.So i m trying to build libselinux for arm.I got the toolchain for my board.I used this command to build libselinux: make ARCH=<your arch> CC=<your cross compiler> CFLAGS=-D__thread= where in my arch i gave arm and in CC the path of my cross compiler. Is this command right? It gives this error after sometime. *cannot find -lsepol collect2: ld returned 1 exit status make[1]: *** [libselinux.so.1] Error 1* ** Now do i have to cross compile libsepol? Is there any good document available which will tell how to compile libselinux for arm? Thanks and Regards Shaunak * * |
|
From: <hai...@ya...> - 2007-08-14 01:58:50
|
hi,
Himainu
Today I take most of the centos5 rpms ,seedit ,seedit-policy ,seedit-gui tegather, and make them as a system installation CD.When I complete the installation CD ,I install it,but I find that the seedit can not be installed into the system. Can the seedit rpm become a part of the system?Can the seedit-policy rpm be installed as a default policy replacing the targeted policy?
---------------------------------
抢注雅虎免费邮箱3.5G容量,20M附件! |
|
From: Yuichi N. <yn...@hi...> - 2007-08-10 07:36:51
|
Hi On Fri, 10 Aug 2007 11:00:15 +0800 (CST) キヘ〓wrote: > hi, > Himainu > > I have installed seedit,seedit-policy and set the RBAC > on. I want to create a new role and do as the example > in RBAC (Role Based Access Control) Guide.But when I > seedit-load ,there are some errors below: > > Audit chdir: > True > Error!:Detail is here.. > m4 -s /etc/seedit/policy/*.sp > >/etc/seedit/policy/all.sp; > /usr/bin/seedit-converter -i /etc/seedit/policy/all.sp > -o /usr/share/seedit/sepolicy -b > /usr/share/seedit/base_policy -I > /etc/seedit/policy/include ; > seedit-converter:Error:/etc/seedit/policy/webmaster_r.sp":line > 8:Error (token ';'): Error: unsupoprted rule: > dac_override > > > make: *** [policy] エ〓1 > > #Error!! check above error message > > > Why I cannot add a new role? Can you help me? I think you have to replace dac_override -> cap_dac_override. And, RBAC support for Cent OS5, Fedora 6 is unstable. You may find bugs... > > > Regards, > feng > > > ___________________________________________________________ > ヌタラ「ムナサ「テ箙ムモハマ.5Gネンチソ」ャ20Mクスシ?」。 > http://cn.mail.yahoo.com > -- Yuichi Nakamura Hitachi Software Engineering Co., Ltd. Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ SELinux Policy Editor: http://seedit.sourceforge.net/ |
|
From: <hai...@ya...> - 2007-08-10 03:00:34
|
hi,
Himainu
I have installed seedit,seedit-policy and set the RBAC
on. I want to create a new role and do as the example
in RBAC (Role Based Access Control) Guide.But when I
seedit-load ,there are some errors below:
Audit chdir:
True
Error!:Detail is here..
m4 -s /etc/seedit/policy/*.sp
>/etc/seedit/policy/all.sp;
/usr/bin/seedit-converter -i /etc/seedit/policy/all.sp
-o /usr/share/seedit/sepolicy -b
/usr/share/seedit/base_policy -I
/etc/seedit/policy/include ;
seedit-converter:Error:/etc/seedit/policy/webmaster_r.sp":line
8:Error (token ';'): Error: unsupoprted rule:
dac_override
make: *** [policy] 错误 1
#Error!! check above error message
Why I cannot add a new role? Can you help me?
Regards,
feng
___________________________________________________________
抢注雅虎免费邮箱3.5G容量,20M附件!
http://cn.mail.yahoo.com
|
|
From: Yuichi N. <him...@mi...> - 2007-08-06 13:14:39
|
On Mon, 6 Aug 2007 15:31:32 +0800 (CST) 峰 王 wrote: > Hi, > Before installing seedit-policy, I found many booleans > under /selinux/booleans,and after installing the > rpm,there is fewer booleans under /selinux/booleans. > > I know seedit installs its own policy under > /etc/selinux/seedit,and it replaces default policy. > > I only want to add some policy under the seedit,Can I > add some booleans to the policy? SEEdit does not need booleans. To configure policy, edit /etc/seedit/policy. or, append configuration by GUI or audit2spdl. > Regards, > > feng > > > > > ___________________________________________________________ > 抢注雅虎免费邮箱3.5G容量,20M附件! > http://cn.mail.yahoo.com Regards, Yuichi Nakamura |
|
From: <hai...@ya...> - 2007-08-06 07:31:49
|
Hi,
Before installing seedit-policy, I found many booleans
under /selinux/booleans,and after installing the
rpm,there is fewer booleans under /selinux/booleans.
I know seedit installs its own policy under
/etc/selinux/seedit,and it replaces default policy.
I only want to add some policy under the seedit,Can I
add some booleans to the policy?
Regards,
feng
___________________________________________________________
抢注雅虎免费邮箱3.5G容量,20M附件!
http://cn.mail.yahoo.com
|
|
From: Yuichi N. <yn...@hi...> - 2007-08-06 06:35:12
|
Hi. On Mon, 6 Aug 2007 10:32:04 +0800 (CST) > Hello Himainu, > When we install seedit-policy under centos5,some > booleans can not be found which I want to use. > Can I use all of the booleans which is default in > centos5, When I install seedit-policy. > Can you help me to solve this problem? seedit installs its own policy under /etc/selinux/seedit. It replaces default policy, and it is different from default policy. Therefore, boolean is different. > Regards > > feng > > > Regards, -- Yuichi Nakamura Hitachi Software Engineering Co., Ltd. Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ SELinux Policy Editor: http://seedit.sourceforge.net/ |
|
From: <hai...@ya...> - 2007-08-06 02:32:19
|
Hello Himainu,
When we install seedit-policy under centos5,some
booleans can not be found which I want to use.
Can I use all of the booleans which is default in
centos5, When I install seedit-policy.
Can you help me to solve this problem?
Regards
feng
___________________________________________________________
抢注雅虎免费邮箱3.5G容量,20M附件!
http://cn.mail.yahoo.com
|
|
From: Shane M. C. <sh...@op...> - 2007-06-26 15:45:27
|
Hi Yuichi Yuichi Nakamura wrote: > I am sorry for late reply. > I am updating current SEEdit for latest distro,=20 > I updated it for Cent OS5 recently, F7 in progress(can not connect F7 > build system now!). I am also sorry for the late reply. I was on a business trip. > I've heard about "OODA" in lecture about network security at GWU. > By the way, I have looked you .glade file. Thank you for the work. No problem. I am just beginning. > I like all is integrated in one window. > It is better than current "control panel" interface. > Please continue you work. I will continue. I hope to have more information for you soon. Regards Shane --=20 Shane Martin Coughlan e: sh...@op... m: +447773180107 (UK) +353862262570 (Ire) w: www.opendawn.com --- OpenPGP: http://www.opendawn.com/shane/publickey.asc |
|
From: Yuichi N. <yn...@hi...> - 2007-06-11 07:23:40
|
Hi. I am sorry for late reply. I am updating current SEEdit for latest distro, I updated it for Cent OS5 recently, F7 in progress(can not connect F7 build system now!). I've heard about "OODA" in lecture about network security at GWU. By the way, I have looked you .glade file. Thank you for the work. I like all is integrated in one window. It is better than current "control panel" interface. Please continue you work. > I am sorry for my slow progress lately. Work has been really busy. Me too :-( -- Yuichi Nakamura Hitachi Software Engineering Co., Ltd. Japan SELinux Users Group(JSELUG): http://www.selinux.gr.jp/ SELinux Policy Editor: http://seedit.sourceforge.net/ |
|
From: Shane M. C. <sh...@op...> - 2007-06-07 13:56:29
|
Dear all
This is a long post. I apologise for that.
SEEdit is a great tool to make SELinux easier to use. As we move
towards version 3.0 it's time to look not only at engineering, but also
at usability.
Robert J. Hanson expressed some interesting insights in the usability on
the Enigmail OpenPGP development mailing list. He has kindly given me
permission to quote them below, After Robert's text, which was created
in the context of discussion PGP key managers, I will discuss SEEdit.
=========== Robert J. Hanson on usability:
Come around, young whippersnappers, and let me spin a tale of Mihaly
Csikszentmihalyi, a guy with a last name in serious need of vowels,
but some brilliant ideas about how people interact with their tools.
He's the one who first put the idea of "being in the zone" in terms
of behavioral psychology.
Then let me tell about Colonel John Boyd of the US Air Force. Boyd
was a phenomenally capable dogfighter regardless of what aircraft he
was in, and later on went to develop a fairly common psychological
model of aircraft operations.
I'm going to be borrowing from both Csikszentmihalyi and Boyd here.
C. discovered several elements common to the experience of being in
the zone.
1. Task orientation. You have to have a desired outcome and be
intent on achieving it.
2. Focus. Unnecessary elements need to be minimized; only information
relevant to your current task should be presented. Phone calls,
emails, meetings, etc., are all fatal to the Zone.
3. Loss of self-awareness. You "get out of your own way". Anything
that draws attention to yourself should be gotten rid of.
4. Time goes wacky. Have you been working for fifteen minutes or two
hours?
5. Direct feedback. As you interact with your environment, your
environment gives clear, precise information as to how you have
changed your environment, or how your environment is changing
around you.
6. The task must be at the envelope of your capability. If it's too
easy, your mind wanders (and you lose focus, #2). If it's too hard
you can't understand the task or the feedback you're getting (#1
and #5).
7. Autonomy. You have to be in control of the situation; you cannot be
at the mercy of some outside force.
8. Progress. As you continue in your task, it must be immediately
obvious whether you're making progress or not. Progress is
sometimes phrased as "reward", which serves the same basic thing.
Achievement in the task is rewarded somehow, either by achieving
the task or increasing your capabilities or...
9. Loss of sensations. When in the zone, most people lose track of the
world except to the degree that they are aware of their actions and
the consequences.
Usually in HCI we refer to the Zone as "flow", based on some work of
C. during 1975.
Flow is peak intellectual activity. As an example, if you think
about when you're doing a great hacking run, you are almost always
immersed in a flow state. And then the phone rings, forcing you to
recognize the outside world (violating #9), to recognize that you
need to answer the phone (violating #2), and that your productivity
is basically at the mercy of those simpering idiots who keep calling
you (violating #7).
You want to construct a UI in such a way that it maximizes flow.
However, you'll probably notice something missing from C.'s
description of flow... namely, C.'s work is purely an _evaluation
mechanism_, not a _prescription_. Using C.'s work we can look at
user interfaces and evaluate them for how well they facilitate or
impair flow, but C.'s work by itself doesn't tell us how to construct
interfaces for maximal flow.
Enter John Boyd.
Boyd invented something called the OODA loop. OODA stands for
"Observation, Orientation, Detection, Action". Boyd took his
experience in dogfighting--one of the most cognitively demanding
tasks imaginable--and came up with a model which says that the
cognitive loop in a dogfight has four distinct steps.
1. Observation. You learn about your environment, who else is in the
environment, what tools are available to you in the environment,
more.
2. Orientation. You insert yourself into the mental model of your
environment. You figure out how you interact with your
environment, and how your environment can interact with you.
3. Decision. You make a choice about how to interact with your
environment.
4. Action. You interact with your environment.
According to Boyd--and since confirmed by other dogfighters such as
Chuck Yeager--is that the OODA loop is repeated very, very quickly in
air combat; and the victor is usually the one who can run through the
OODA loop fastest.
This insight has driven Air Force dogfighting doctrine for more than
50 years. As an example, the F-22 Raptor is a phenomenally advanced
jet fighter. What makes it so advanced is mostly its avionics.
Everything in the cockpit is designed to make the OODA loop as fast
and as accurate as possible. This turns out to have a much, much
greater improvement in combat effectiveness than, say, better engines
or longer-ranged missiles.
<...>
Now, a couple of semesters ago I took the graduate-level HCI course.
During it I chose to analyze existing key managers. (Enigmail was
not one of them; it was GPA, Kgpg, and PGP 9.5.) My experimental
results suggested that we really, really needed to think about key
managers in terms of the OODA loop.
PGP 5 introduced a UI which has heavily influenced UI designs ever
since, despite the fact so many HCI studies have shown that it's a
miserable failure. The reason why is simple: the PGP 5 style of UI
has an absolutely murderous first half of the OODA loop.
The Enigmail key manager is strongly patterned on the PGP 5 UI.
That's the bad news.
I'm looking right now at the key manager in Enigmail 0.94.3-tb15.
Immediately I see a small searchbox at the top, "Filter for user ID's
or key ID's containing:". Hmm. If I'm a new user, do I know what a
user ID is? A key ID? Okay, I don't understand that. Let's
continue looking over the interface, giving it a quick gloss.
Beneath, I see six columns. "Account / User ID". Huh? Is there a
difference between an account and a user ID? Never mind, I'll figure
that out later... how do I tell which ones are accounts and which
ones are user IDs?
"Key ID". Okay. Those are all some numbers, kind of random
looking... what am I looking for here? I don't know. Crap.
"Type". "Calculated trust". "Owner trust". "Expiry". I don't know
any of this crap, I just want to find John Clizbe's key, damn it.
Okay, so there's Aaron McCaleb's key at the top, and Brian Gough's at
the bottom... ah, this is in alphabetical order, so I can just
scroll, right?
Okay. I scroll down and find "John P. Clizbe". Wait. One says
"trusted" and the other says "-". One says "Marginal" and the other
says "-". What?
There's no obvious way to call up a Key Properties window. A double-
click on the entry pops one up, but you know what? This still gives
me the exact same information as the big complex table widget, it
just gives it to me in a different form and tells me about these
things called "subkeys".
How the hell am I supposed to sign this key? John told me I need to
give a "local signature". Ah! Edit-->Sign Key! Gotcha. Okay. There.
... That's the kind of internal dialog a user has to do in order to
complete a basic task. It shouldn't be so complicated. Let's try
something else instead. Imagine a user interface which starts not
with a display of _all_ the keys, but instead prompts you to describe
the key you're looking for. As you enter stuff, it populates a table
with things that match. In other words, this is almost exactly the
same as what happens when you type into the search box.
So why not remove the tree display when there's no text in the
searchbox? Presto: you've reduced the amount of unnecessary
information _enormously_ just with that one small step.
But why do we have a table/tree display at all?
HCI LESSON FOR TABLES:
Tables and tree views are meant for information that requires
context. If you're displaying the population of the various
countries of Africa, the population of Kenya might be relevant to
someone who's nominally looking for the population of Somalia,
another country in the same area. Tables and trees are great at
presenting large amounts of contextual information.
But they _suck_ when people use them for presenting large amounts of
information, period. You see tables in almanacs and encyclopedias
for a simple reason--paper can't do live updates based on searching.
Instead, you drown people in irrelevant information. This slows down
the OODA loop and detracts from the "focus" element of being in the
Zone.
If I'm looking for a key and I know "cliz" is in the name, should I
really have to see Jeff Tickle's key? Or John Hawley's? That's not
context: that's _noise_.
On the other hand, if I'm searching for a key with "cliz" in the
name, then "John P. Clizbe (OpenPGP Card test key)" and "John P.
Clizbe" are both contextually relevant. Display them.
Moral of the story: _please, please, don't use trees and tables as a
replacement for an interactive design._
APPLYING THE LESSON:
Why do we need to display all of this information? Why not have the
user input a search term and display a simple, two-column table of
the keys that match? Imagine two columns reading NAME and KEY ID.
Note that it's _name_, not _key_. Populate the tables with the user
IDs that match a given request, and what key ID they correspond to.
By reducing the amount of information we present to the user _in the
beginning_, we make it easier to find and select precisely what we
want. Once we've selected it, we double-click, we open up a Key
Management window that tells the user what kinds of information are
available. E.g., "for plain English, click here... for subkeys,
click here... for signatures, click here... for designated revokers,
click here..."
Now we've shortened the OODA cycle enormously. When the user starts
up, the environment is blank except for one box: SEARCH. The user
observes that very quickly. The user recognizes that all access goes
through SEARCH, and so orientation goes very quickly. The user
decides what to search for, enters it, gets an updated list of user
IDs. All the user IDs shown are relevant to the search, allowing the
user to quickly choose which one to get more information on. OODA
cycle one, complete.
OODA cycle two starts when the user double-clicks on a key. Bang,
summary information in plain English, along with descriptions of what
other information is available and what can be done. Etc., etc.
OODA cycle two complete; the user clicks on "Signatures" (because,
after all, John told them to make a "local signature").
OODA cycle three starts when the user sees the Signatures tab and a
big, obvious button at the top: "Sign this key". Bang, OODA cycle
three is done almost before it begins.
Three tight OODA cycles to perform a local signature. That's not
bad, I think.
Tristan Thiede and I built a demonstration of our OODA-focused user
interface for key management. You can find it on Sourceforge as
Occulti (http://sourceforge.net/projects/occulti). Development on
the Windows version ended with the end of the semester, but I'm still
working on an OS X front-end.
You may find Occulti worth looking at if you want to see an example
of an OODA-centered manager. And then again, you may not. :)
===========
I have been testing SEEdit on Fedora 7. Our interface currently has
some problems, especially with the Observation, Orientation, Decision
and Action cycle.
Let's review that.
1. Observation. You learn about your environment, who else is in the
environment, what tools are available to you in the environment,
more.
2. Orientation. You insert yourself into the mental model of your
environment. You figure out how you interact with your
environment, and how your environment can interact with you.
3. Decision. You make a choice about how to interact with your
environment.
4. Action. You interact with your environment.
When people open SEEdit the first interface shows simple enough options
like editing a policy. However, the entire process of going from no
policy to having a policy applied is opaque. We need to make it as
simple as possible.
I've begun playing with GLADE GTK+ editor to create a proposed interface
for 3.0. First of all I'm trying to simplify the current interface.
After that is done let's consider the possibility of redesigning the
approach for the next generation of the tool.
I am sorry for my slow progress lately. Work has been really busy.
Regards
Shane
--
Shane Martin Coughlan
e: sh...@op...
m: +447773180107 (UK) +353862262570 (Ire)
w: www.opendawn.com
---
OpenPGP: http://www.opendawn.com/shane/publickey.asc
|
|
From: Yuichi N. <him...@mi...> - 2007-05-16 14:03:34
|
Hi. On Wed, 16 May 2007 15:54:22 +0200 Shane Martin Coughlan wrote: > Yuichi Nakamura wrote: > > You mean you are executing seedit on 64 bit environment? > > If you run seedit on 64bit machine, > > I think you have to build src.rpm on 64bit environment. > > #Unfortunatelly, I do not have 64bit machine. > > Hi Yuichi > > I wonder if we can use virtual machines for this? I have no idea. I've > got very little experience with virtual machines. I think VMware has 64bit support when creating new virtual machine. We may be able to use that. Regards, Yuichi Nakamura |
|
From: Shane M. C. <sh...@op...> - 2007-05-16 13:54:30
|
Yuichi Nakamura wrote: > You mean you are executing seedit on 64 bit environment? > If you run seedit on 64bit machine,=20 > I think you have to build src.rpm on 64bit environment. > #Unfortunatelly, I do not have 64bit machine. Hi Yuichi I wonder if we can use virtual machines for this? I have no idea. I've got very little experience with virtual machines. Regards Shane --=20 Shane Martin Coughlan e: sh...@op... m: +447773180107 (UK) +353862262570 (Ire) w: www.opendawn.com --- OpenPGP: http://www.opendawn.com/shane/publickey.asc |
|
From: Yuichi N. <him...@mi...> - 2007-05-16 13:50:08
|
Hi. On Wed, 16 May 2007 14:49:19 +0200 Ana Silva wrote: > Hello Himainu, > > We have a problem with CentOS and Seedit. When we execute "seedit-init" > and reboot, the system never initialize the files because when we > execute "seedit-gui" it says that is needed to execute "seedit-init" > again and reboot. > > We think that this is caused by architecture problems, because rmp > packets are built for 32 bits and not for 64 bits. > Can you help me to solve this problem? You mean you are executing seedit on 64 bit environment? If you run seedit on 64bit machine, I think you have to build src.rpm on 64bit environment. #Unfortunatelly, I do not have 64bit machine. You have to download "seedit-2.1.0-1.cos4.src.rpm" from http://sourceforge.net/project/showfiles.php?group_id=135756 and rebuild on 64bit machine. Regards, Yuichi Nakamura |
|
From: Yuichi N. <him...@mi...> - 2007-05-16 13:43:28
|
Hi. > does seedit support reference policy? > thanks Sorry, it does not support reference policy.. I want the feature, but I think it needs a lot of work. On Wed, 16 May 2007 00:00:29 -0700 (PDT) somayeh afzali wrote: > hi, > does seedit support reference policy? > thanks > > > --------------------------------- > Got a little couch potato? > Check out fun summer activities for kids. |
|
From: Ana S. <as...@ci...> - 2007-05-16 12:49:57
|
Hello Himainu, We have a problem with CentOS and Seedit. When we execute "seedit-init" and reboot, the system never initialize the files because when we execute "seedit-gui" it says that is needed to execute "seedit-init" again and reboot. We think that this is caused by architecture problems, because rmp packets are built for 32 bits and not for 64 bits. Can you help me to solve this problem? Regards -- Ana Silva Gallego Sistemas Centro Informático Científico de Andalucía (CICA) Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain) Tfno.: +34 955 056 600 / +34 955 056 632 / FAX: +34 955 056 650 Consejería de Innovación, Ciencia y Empresa Junta de Andalucía --------------------------------------------------- Este mensaje esta firmado digitalmente. Para poder reconocer la firma desde su cliente debera tener instalado el certificado raiz de la CA del CICA en el mismo. Puede descargarlo desde: http://pki.cica.es/cacert/ --------------------------------------------------- |
|
From: <him...@mi...> - 2007-01-25 01:51:21
|
Hi, seedit-devel subscribers. I have moved seedit-devel list from sourceforge.net to http://opendawn.com/mailman/listinfo/seedit-devel_opendawn.com It is for administrative reasons. If you have still interest in seedit, please subscribe http://opendawn.com/mailman/listinfo/seedit-devel_opendawn.com I will make effort to report what's happening to seedit project, in the list. Yuichi Nakamura |
|
From: Yuichi N. <him...@mi...> - 2006-11-11 14:01:26
|
Hi, Thanks for using seedit. On Sat, 11 Nov 2006 13:28:41 +0200 "Soto Petroul" wrote: > [root ~]# audit2spdl -al > Traceback (most recent call last): > File "/usr/bin/audit2spdl", line 77, in ? > lines = readLog(input, gLoadPolicyFlag) > File "/usr/lib/seedit/audit2spdl.py", line 69, in readLog > lineBuf.pop() > IndexError: pop from empty list I think this is a bug in 2.1.0 beta2. What happens if you modify /usr/lib/seedit/audit2spdl.py. * Before: Line 69: lineBuf.pop() Line 79: continue * After: Line 69: lineBuf.pop() Line 79: continue # "continue" is indented one level Beta 2 contains a lot of bugs. I am developping beta 4. Many bug fixes will be included here. Yuichi Nakamura |
