selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: [PATCH 13/13] semanage store migration script

Re: [PATCH 13/13] semanage store migration script

From: Stephen Smalley <sds_at_nospam>
Date: Fri Jan 08 2010 - 15:34:53 GMT
To: Caleb Case <ccase@tresys.com>


On Wed, 2009-12-23 at 18:26 -0500, Caleb Case wrote:
> We created a migration script to ease the burden of transition from the
> old libsemanage store layout to the new. The script will detect all the
> stores in /etc/selinux using the old layout and convert them to the new
> layout in /var/lib/selinux. It also allows you to specify the default
> priority to use with -p and store to operate on with -s. After migration
> the script by default will leave the old store unchanged, but can be
> told to remove the old modules directory with -c.
>
> Examples:
>
> # Migrate all stores to the new layout.
> migrate.py
>
> Migrating from /etc/selinux/targeted/modules/active to /var/lib/selinux/targeted/active
> Attempting to rebuild policy from /var/lib/selinux
>
> # Migrate only the targeted store.
> migrate.py -s targeted
>
> Migrating from /etc/selinux/targeted/modules/active to /var/lib/selinux/targeted/active
> Attempting to rebuild policy from /var/lib/selinux
>
> # Migrate all, but install to priority 150.
> migrate.py -p 150
>
> Migrating from /etc/selinux/targeted/modules/active to /var/lib/selinux/targeted/active
> Attempting to rebuild policy from /var/lib/selinux

I tried the following:
semanage login -a -s user_u pi
cp -a /etc/selinux /etc/selinux.orig
install new userland
migrate.py
diff -ru /etc/selinux.orig /etc/selinux

The seusers entry for "pi" was dropped from the final seusers file in the rebuilt policy. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.