From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Qva3W-0007tR-40 for garchives@archives.gentoo.org; Mon, 22 Aug 2011 19:21:06 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A776021C071; Mon, 22 Aug 2011 19:20:53 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 7552921C085 for ; Mon, 22 Aug 2011 19:20:53 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 5F3621B4036 for ; Mon, 22 Aug 2011 19:20:52 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id 7210D80043 for ; Mon, 22 Aug 2011 19:20:51 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <33c798db8e4821f50f067978b212114c6f0863a9.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/ X-VCS-Repository: proj/hardened-docs X-VCS-Files: xml/selinux-faq.xml X-VCS-Directories: xml/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 33c798db8e4821f50f067978b212114c6f0863a9 Date: Mon, 22 Aug 2011 19:20:51 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: dbeec835895fd4f8784968662c7a522f commit: 33c798db8e4821f50f067978b212114c6f0863a9 Author: Sven Vermeulen siphos be> AuthorDate: Mon Aug 22 19:17:11 2011 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Mon Aug 22 19:17:11 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-docs= .git;a=3Dcommit;h=3D33c798db Adding FAQ entry on the policy version mixing !#^$@=C2=B0=C3=A0 --- xml/selinux-faq.xml | 57 +++++++++++++++++++++++++++++++++++++++++++++= ++++- 1 files changed, 55 insertions(+), 2 deletions(-) diff --git a/xml/selinux-faq.xml b/xml/selinux-faq.xml index 35fc742..961c4fd 100644 --- a/xml/selinux-faq.xml +++ b/xml/selinux-faq.xml @@ -17,8 +17,8 @@ The FAQ is a collection of solutions found on IRC, mail= inglist, forums or elsewhere =20 -11 -2011-08-10 +12 +2011-08-22 =20 Questions @@ -601,5 +601,58 @@ Another fix would be to disable UBAC completely. Thi= s is accomplished with =20 +
+When querying the policy, I get 'ERROR: could not find datum for = type ...' + + +

+When using seinfo or sesearch to query the policy on the s= ystem, +you get errors similar to: +

+ +
+~# seinfo -tasterisk_t
+ERROR: could not find datum for type asterisk_t
+
+ +

+This is most likely because your tools are using a newer binary policy t= o +enforce policy, but an older binary for querying. You can verify if this= is the +case by listing the last modification time on the files: +

+ +
+~# ls -ltr /etc/selinux/strict/policy/policy.*
+
+ +

+The file modified last should be the same one as returned by checking +/selinux/policyvers: +

+ +
+~# cat /selinux/policyvers; echo
+24
+
+ +

+If this is not the case (which is very likely since you are reading this= FAQ +entry) then try forcing the utilities policy version to the correct vers= ion: +

+ +
+~# vim /etc/selinux/semanage.conf
+# Look for and uncomment the policy-version line and set it to =
the right version
+policy-version =3D 24
+
+ + +If your system is upgrading its kernel, higher version(s) can be support= ed. In +this case, either unset the value again to automatically "jump" to a hig= her +version, or force set it to the higher version. + + + +