* [refpolicy] [PATCH] selinuxutil: semanage create, rmdir, rename directories tmp, active, previous in /etc/selinux/default/modules/ when i use semanage fcontext -a ...
@ 2013-09-27  9:26 Dominick Grift
  2013-09-27 20:00 ` Christopher J. PeBenito
  0 siblings, 1 reply; 5+ messages in thread
From: Dominick Grift @ 2013-09-27  9:26 UTC (permalink / raw)
  To: refpolicy


Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ec01d0b..246fa97 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -492,6 +492,7 @@
 seutil_libselinux_linked(semanage_t)
 seutil_manage_file_contexts(semanage_t)
 seutil_manage_config(semanage_t)
+seutil_manage_config_dirs(semanage_t)
 seutil_run_setfiles(semanage_t, semanage_roles)
 seutil_run_loadpolicy(semanage_t, semanage_roles)
 seutil_manage_bin_policy(semanage_t)
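
Review bot: The added seutil_manage_config_dirs(semanage_t) line comes with no description beyond the subject, so the reason semanage_t needs to manage config directories is not recorded with the change. The subject names only tmp, active and previous under /etc/selinux/default/modules/, while the interface, judging by its name, covers config directories as a whole; please add a commit body with the denial that prompted this and the type those directories carry, and say why a rule scoped to the module store would not be enough.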


* [refpolicy] [PATCH] selinuxutil: semanage create, rmdir, rename directories tmp, active, previous in /etc/selinux/default/modules/ when i use semanage fcontext -a ...
  2013-09-27  9:26 [refpolicy] [PATCH] selinuxutil: semanage create, rmdir, rename directories tmp, active, previous in /etc/selinux/default/modules/ when i use semanage fcontext -a Dominick Grift
@ 2013-09-27 20:00 ` Christopher J. PeBenito
  2013-09-27 20:06   ` Dominick Grift
  0 siblings, 1 reply; 5+ messages in thread
From: Christopher J. PeBenito @ 2013-09-27 20:00 UTC (permalink / raw)
  To: refpolicy

On Fri 27 Sep 2013 05:26:55 AM EDT, Dominick Grift wrote:
>
> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
> index ec01d0b..246fa97 100644
> --- a/policy/modules/system/selinuxutil.te
> +++ b/policy/modules/system/selinuxutil.te
> @@ -492,6 +492,7 @@
>  seutil_libselinux_linked(semanage_t)
>  seutil_manage_file_contexts(semanage_t)
>  seutil_manage_config(semanage_t)
> +seutil_manage_config_dirs(semanage_t)
>  seutil_run_setfiles(semanage_t, semanage_roles)
>  seutil_run_loadpolicy(semanage_t, semanage_roles)
>  seutil_manage_bin_policy(semanage_t)

Sounds like mislabeled files.  Everything under /etc/selinux/*/modules 
should be semanage_store_t.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com


* [refpolicy] [PATCH] selinuxutil: semanage create, rmdir, rename directories tmp, active, previous in /etc/selinux/default/modules/ when i use semanage fcontext -a ...
  2013-09-27 20:00 ` Christopher J. PeBenito
@ 2013-09-27 20:06   ` Dominick Grift
  2013-09-27 20:23     ` Christopher J. PeBenito
  0 siblings, 1 reply; 5+ messages in thread
From: Dominick Grift @ 2013-09-27 20:06 UTC (permalink / raw)
  To: refpolicy

On Fri, 2013-09-27 at 16:00 -0400, Christopher J. PeBenito wrote:
> On Fri 27 Sep 2013 05:26:55 AM EDT, Dominick Grift wrote:
> >
> > Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> > diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
> > index ec01d0b..246fa97 100644
> > --- a/policy/modules/system/selinuxutil.te
> > +++ b/policy/modules/system/selinuxutil.te
> > @@ -492,6 +492,7 @@
> >  seutil_libselinux_linked(semanage_t)
> >  seutil_manage_file_contexts(semanage_t)
> >  seutil_manage_config(semanage_t)
> > +seutil_manage_config_dirs(semanage_t)
> >  seutil_run_setfiles(semanage_t, semanage_roles)
> >  seutil_run_loadpolicy(semanage_t, semanage_roles)
> >  seutil_manage_bin_policy(semanage_t)
> 
> Sounds like mislabeled files.  Everything under /etc/selinux/*/modules 
> should be semanage_store_t.

Not really, it creates a tmp dir under /etc/selinux/default/modules
(inheriting the type of the parent) then it renames, and removes that
dir.

You want me to tell selinux that semanage_t creates that tmp dir with a
type transition from selinux_config_t to semanage_store_t?

> 
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com


* [refpolicy] [PATCH] selinuxutil: semanage create, rmdir, rename directories tmp, active, previous in /etc/selinux/default/modules/ when i use semanage fcontext -a ...
  2013-09-27 20:06   ` Dominick Grift
@ 2013-09-27 20:23     ` Christopher J. PeBenito
  2013-09-27 20:25       ` Dominick Grift
  0 siblings, 1 reply; 5+ messages in thread
From: Christopher J. PeBenito @ 2013-09-27 20:23 UTC (permalink / raw)
  To: refpolicy

On Fri 27 Sep 2013 04:06:04 PM EDT, Dominick Grift wrote:
> On Fri, 2013-09-27 at 16:00 -0400, Christopher J. PeBenito wrote:
>> On Fri 27 Sep 2013 05:26:55 AM EDT, Dominick Grift wrote:
>>>
>>> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
>>> diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
>>> index ec01d0b..246fa97 100644
>>> --- a/policy/modules/system/selinuxutil.te
>>> +++ b/policy/modules/system/selinuxutil.te
>>> @@ -492,6 +492,7 @@
>>>  seutil_libselinux_linked(semanage_t)
>>>  seutil_manage_file_contexts(semanage_t)
>>>  seutil_manage_config(semanage_t)
>>> +seutil_manage_config_dirs(semanage_t)
>>>  seutil_run_setfiles(semanage_t, semanage_roles)
>>>  seutil_run_loadpolicy(semanage_t, semanage_roles)
>>>  seutil_manage_bin_policy(semanage_t)
>>
>> Sounds like mislabeled files.  Everything under /etc/selinux/*/modules
>> should be semanage_store_t.
>
> Not really, it creates a tmp dir under /etc/selinux/default/modules
> (inheriting the type of the parent) then it renames, and removes that
> dir.
>
> You want me to tell selinux that semanage_t creates that tmp dir with a
> type transition from selinux_config_t to semanage_store_t?

That seems like a better choice.  Alternatively we can look at making 
the fc change to:

/etc/selinux/([^/]*/)?modules(/.*)? 
gen_context(system_u:object_r:semanage_store_t,s0)

but that may have a broader impact.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
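
An added example, not part of the thread or of refpolicy: a check of which paths the fc entry proposed in the message above would label. It looks at that one entry in isolation (other file-context entries are ignored), the sample paths are constructed, and `fc_matches` and `classify` are hypothetical helper names.

```python
import re

# Path regex and type from the fc entry proposed in the message above.
PROPOSED_FC_REGEX = r"/etc/selinux/([^/]*/)?modules(/.*)?"
PROPOSED_TYPE = "semanage_store_t"

# Constructed sample paths; only the first four are named in the thread.
SAMPLE_PATHS = [
    "/etc/selinux/default/modules",
    "/etc/selinux/default/modules/tmp",
    "/etc/selinux/default/modules/active",
    "/etc/selinux/default/modules/previous",
    "/etc/selinux/modules",
    "/etc/selinux/config",
    "/etc/selinux/default/contexts/files/file_contexts",
    "/etc/selinux/default/modulesfoo",
    "/etc/selinux/a/b/modules",
]


def fc_matches(regex, path):
    """file_contexts regexes must match the whole path, hence fullmatch."""
    return re.fullmatch(regex, path) is not None


def classify(paths, regex=PROPOSED_FC_REGEX):
    """Return (covered, untouched): paths the entry would and would not label."""
    covered = [p for p in paths if fc_matches(regex, p)]
    untouched = [p for p in paths if not fc_matches(regex, p)]
    return covered, untouched


if __name__ == "__main__":
    covered, untouched = classify(SAMPLE_PATHS)
    for p in covered:
        print(f"{p}  ->  {PROPOSED_TYPE}")
    for p in untouched:
        print(f"{p}  ->  (entry does not apply)")
```

The entry covers the `modules` directory itself, not only its contents, which matters here because the thread describes the new `tmp` directory as inheriting the type of its parent. It also covers `/etc/selinux/modules`, since the policy-name component of the regex is optional.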


* [refpolicy] [PATCH] selinuxutil: semanage create, rmdir, rename directories tmp, active, previous in /etc/selinux/default/modules/ when i use semanage fcontext -a ...
  2013-09-27 20:23     ` Christopher J. PeBenito
@ 2013-09-27 20:25       ` Dominick Grift
  0 siblings, 0 replies; 5+ messages in thread
From: Dominick Grift @ 2013-09-27 20:25 UTC (permalink / raw)
  To: refpolicy

On Fri, 2013-09-27 at 16:23 -0400, Christopher J. PeBenito wrote:
> On Fri 27 Sep 2013 04:06:04 PM EDT, Dominick Grift wrote:
> > On Fri, 2013-09-27 at 16:00 -0400, Christopher J. PeBenito wrote:
> >> On Fri 27 Sep 2013 05:26:55 AM EDT, Dominick Grift wrote:
> >>>
> >>> Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
> >>> diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
> >>> index ec01d0b..246fa97 100644
> >>> --- a/policy/modules/system/selinuxutil.te
> >>> +++ b/policy/modules/system/selinuxutil.te
> >>> @@ -492,6 +492,7 @@
> >>>  seutil_libselinux_linked(semanage_t)
> >>>  seutil_manage_file_contexts(semanage_t)
> >>>  seutil_manage_config(semanage_t)
> >>> +seutil_manage_config_dirs(semanage_t)
> >>>  seutil_run_setfiles(semanage_t, semanage_roles)
> >>>  seutil_run_loadpolicy(semanage_t, semanage_roles)
> >>>  seutil_manage_bin_policy(semanage_t)
> >>
> >> Sounds like mislabeled files.  Everything under /etc/selinux/*/modules
> >> should be semanage_store_t.
> >
> > Not really, it creates a tmp dir under /etc/selinux/default/modules
> > (inheriting the type of the parent) then it renames, and removes that
> > dir.
> >
> > You want me to tell selinux that semanage_t creates that tmp dir with a
> > type transition from selinux_config_t to semanage_store_t?
> 
> That seems like a better choice.  Alternatively we can look at making 
> the fc change to:
> 
> /etc/selinux/([^/]*/)?modules(/.*)? 
> gen_context(system_u:object_r:semanage_store_t,s0)
> 
> but that may have a broader impact.
> 

OK, I will take my time and investigate this further

> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com

