From mboxrd@z Thu Jan 1 00:00:00 1970
From: dominick.grift@gmail.com (Dominick Grift)
Date: Fri, 27 Sep 2013 22:06:04 +0200
Subject: [refpolicy] [PATCH] selinuxutil: semanage create, rmdir, rename directories tmp, active, previous in /etc/selinux/default/modules/ when i use semanage fcontext -a ...
In-Reply-To: <5245E3D5.8070309@tresys.com>
References: <1380274015-28055-1-git-send-email-dominick.grift@gmail.com> <5245E3D5.8070309@tresys.com>
Message-ID: <1380312364.23967.2.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2013-09-27 at 16:00 -0400, Christopher J. PeBenito wrote:
> On Fri 27 Sep 2013 05:26:55 AM EDT, Dominick Grift wrote:
> >
> > Signed-off-by: Dominick Grift
> > diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
> > index ec01d0b..246fa97 100644
> > --- a/policy/modules/system/selinuxutil.te
> > +++ b/policy/modules/system/selinuxutil.te
> > @@ -492,6 +492,7 @@
> > seutil_libselinux_linked(semanage_t)
> > seutil_manage_file_contexts(semanage_t)
> > seutil_manage_config(semanage_t)
> > +seutil_manage_config_dirs(semanage_t)
> > seutil_run_setfiles(semanage_t, semanage_roles)
> > seutil_run_loadpolicy(semanage_t, semanage_roles)
> > seutil_manage_bin_policy(semanage_t)
>
> Sounds like mislabeled files. Everything under /etc/selinux/*/modules
> should be semanage_store_t.

Not really, it creates a tmp dir under /etc/selinux/default/modules
(inheriting the type of the parent) then it renames, and removes that
dir.

You want me to tell selinux that semanage_t creates that tmp dir with a
type transition from selinux_config_t to semanage_store_t?

>
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com
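
Review bot: the added `seutil_manage_config_dirs(semanage_t)` line in the selinuxutil.te hunk is, going by its name, a grant over config directories as a whole, while the subject only asks for creating, renaming and removing tmp, active and previous under /etc/selinux/default/modules/. The type transition raised in the reply, so that directories semanage_t creates there get semanage_store_t instead of inheriting selinux_config_t, would keep the module store consistently labelled and make the broader grant unnecessary. If the interface call stays, the commit message (currently only a sign-off) and a comment above the line should say which directories need it and why they carry the parent's type.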