Problem with SELinux

Hello friends. I have a problem with generating a custom policy for Nginx. I am typing these one by one:

dnf install -y binutils rpm-build setools-console policycoreutils-python3 policycoreutils-devel
sepolicy generate --init /usr/sbin/nginx
nano nginx.te
I add a line at the end
dovecot_read_config(nginx_t)
./nginx.sh

The error looks like this:
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile nginx.pp
make: ‘nginx.pp’ is up to date.
+ /usr/sbin/semodule -i nginx.pp
Problems processing filecon rules
Failed post db handling
/usr/sbin/semodule: Failed!

Rocky Linux release 8.6
selinux-policy-3.14.3-95.el8.noarch

Greetings

Hi @darvin and welcome to the forum.

I don’t really have the faintest clue on SELinux stuff, except for knowing how and where to look for help. :slight_smile: That being said, I took a look around and found this:

Please check out the 2nd of the 3 examples the author gave:
(“fc file contains an entry that duplicates another entry elsewhere”)

That fits with another post I came across where someone filed a bug (suggestion) regarding the missing error details when filecon rule processing fails.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=955805

The author complains that only by adding “-v” you’ll be given crucial details about the root cause.
In that specific case, it was conflicting filecon rules in two files. See link for details.

My takeaway from these 2 posts is:

  1. Check if there is a way to make the stuff run “verbosely” and see if that reveals more information
    Since I have no clue, as said, I can’t tell you exactly where to specify the appropriate “-v” :frowning:
  2. Consider the advice from the first post linked above:
    "The semanage fcontext command can be useful to find these conflicts semanage fcontext -l |grep /bin/myscript "
    But again, since I have no clue, I’ll leave that part to you where one has to find out which file/script to check. :wink:

Hope this helps :crossed_fingers:, sorry if not, Thomas
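
The duplicate check suggested in point 2 can be done for a whole .fc file at once. The script below is an added example, not part of either post: it compares the path specs in a module's .fc file against a saved `semanage fcontext -l` listing. The function names `fc_conflicts` and `make_sample`, the file names, and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list path specs in a module's .fc file
# that the loaded policy already labels, i.e. candidate filecon conflicts.

# fc_conflicts FC_FILE LISTING
#   FC_FILE: the module's file-context file (e.g. the generated nginx.fc)
#   LISTING: saved output of `semanage fcontext -l`
# Prints one line for every path spec that appears in both files.
fc_conflicts() {
    awk '
        # First file (LISTING): remember path spec -> context (last column).
        NR == FNR { if ($1 ~ /^\//) loaded[$1] = $NF; next }
        # Second file (FC_FILE): rules start with "/"; comments are skipped.
        $1 ~ /^\// && ($1 in loaded) {
            print $1 " is already labeled " loaded[$1]
        }
    ' "$2" "$1"
}

# Constructed sample data so the example runs without SELinux tools installed.
make_sample() {
    cat > "$1/nginx.fc" <<'EOF'
# constructed nginx.fc
/usr/sbin/nginx		--	gen_context(system_u:object_r:nginx_exec_t,s0)
/var/run/nginx_demo.pid	--	gen_context(system_u:object_r:nginx_var_run_t,s0)
EOF
    cat > "$1/fcontext.list" <<'EOF'
SELinux fcontext        type            Context

/usr/sbin/nginx         regular file    system_u:object_r:httpd_exec_t:s0
/usr/sbin/httpd         regular file    system_u:object_r:httpd_exec_t:s0
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
fc_conflicts "$demo_dir/nginx.fc" "$demo_dir/fcontext.list"
rm -rf "$demo_dir"
```

On a real host, create the listing with `semanage fcontext -l > fcontext.list` and pass the generated nginx.fc as the first argument. The comparison is on identical path specs only, so overlapping regular expressions that are written differently are not reported.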