selinux January 2010 archive

Re: [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp

From: Stephen Smalley <sds_at_nospam>
Date: Fri Jan 08 2010 - 21:04:14 GMT
To: Joshua Brindle <method@manicmethod.com>


On Fri, 2010-01-08 at 16:02 -0500, Joshua Brindle wrote:
> Stephen Smalley wrote:
> > On Fri, 2010-01-08 at 15:51 -0500, Joshua Brindle wrote:
> >> Joshua Brindle wrote:
> >>>
> >>> Stephen Smalley wrote:
> >>>> On Fri, 2010-01-08 at 15:19 -0500, Joshua Brindle wrote:
> >> <snip>
> >>> oops, I foolishly scanned looking for policy.kern.
> >>>
> >> No, it is worse than that, I wasn't actually running the code I was
> >> claiming to (as evidenced by the priority level and hll files)
> >>
> >> Up to patch 4 my /var/lib/selinux now looks like this:
> >>
> >> [root@F12 active]# find /var/lib/selinux/
> >> /var/lib/selinux/
> >> /var/lib/selinux/targeted
> >> /var/lib/selinux/targeted/semanage.read.LOCK
> >> /var/lib/selinux/targeted/semanage.trans.LOCK
> >> /var/lib/selinux/targeted/active
> >> /var/lib/selinux/targeted/active/modules
> >> /var/lib/selinux/targeted/active/modules/abrt.pp
> >> /var/lib/selinux/targeted/active/modules/ada.pp
> >> ...
> >> /var/lib/selinux/targeted/active/modules/xguest.pp
> >> /var/lib/selinux/targeted/active/modules/zabbix.pp
> >> /var/lib/selinux/targeted/active/modules/zebra.pp
> >> /var/lib/selinux/targeted/active/modules/zosremote.pp
> >> /var/lib/selinux/targeted/active/base.pp
> >> /var/lib/selinux/targeted/active/file_contexts.template
> >> /var/lib/selinux/targeted/active/homedir_template
> >> /var/lib/selinux/targeted/active/users_extra
> >> /var/lib/selinux/targeted/active/commit_num
> >> /var/lib/selinux/tmp
> >>
> >>
> >> so I don't have any final files in targeted anymore, though I didn't try
> >> to stop semodule half-way and look in tmp.
> >
> > I haven't tried only up through patch 4, only with all 13 patches
> > applied.
> >
> > Also, I have all Fedora policies installed (yum install
> > selinux-policy*), so I have mls, targeted, and minimum, although
> > targeted is the active one.
> >
>
> Are you running the migrate script?

Yes.

> I believe it is erroneously copying
> final files into the store:
>
> + # List of paths that go in the active 'root'
> + TOPPATHS = [
> + "file_contexts",
> + "homedir_template",
> + "file_contexts.template",
> + "commit_num",
> + "ports.local",
> + "interfaces.local",
> + "nodes.local",
> + "booleans.local",
> + "file_contexts.local",
> + "seusers",
> + "users.local",
> + "users_extra.local",
> + "seusers.final",
> + "users_extra",
> + "netfilter_contexts",
> + "file_contexts.homedirs",
> + "disable_dontaudit" ]
> +
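
Review bot: The TOPPATHS list has no marking of which entries the migrate script should carry into the active store and which are regenerated output. `file_contexts`, `file_contexts.homedirs`, `seusers`, `seusers.final` and `netfilter_contexts` are listed next to `file_contexts.template`, `homedir_template` and the `*.local` files, while the store listing quoted earlier in this message (built up to patch 4) shows only `base.pp`, `file_contexts.template`, `homedir_template`, `users_extra`, `commit_num` and `modules` under `active`. If the extra entries are final files, as the message quoting this hunk suspects, they should be dropped from this list or moved to a separate list that is not copied, and the comment above TOPPATHS should state the criterion for inclusion. Having both `seusers` and `seusers.final` in one list also deserves a comment explaining the difference.
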
--
Stephen Smalley
National Security Agency