From: Dominick Grift <dac.override@gmail.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Subject: Re: does load_policy default to loading the lowest polvers available?
Date: Wed, 14 Oct 2015 20:07:44 +0200 [thread overview]
Message-ID: <20151014180743.GD15883@x250> (raw)
In-Reply-To: <561E937A.9080909@tycho.nsa.gov>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Wed, Oct 14, 2015 at 01:40:10PM -0400, Stephen Smalley wrote:
> On 10/14/2015 01:38 PM, Dominick Grift wrote:
> >On Wed, Oct 14, 2015 at 07:34:16PM +0200, Dominick Grift wrote:
> >
> >>Setools(4) doesnt work with my policy (it can't deal with cil namespaces
> >>seemingly, and returns non-sense)
> >
> >
> >Besides. did you know that setools (4) does not use
> >/sys/fs/selinux/policy? It uses /etc/selinux/SELINUXTYPE/policy/policy.X
> >instead. This sounded to me like a bad idea. Mainly because you don't
> >know if the /etc/selinux/SELINUXTYPE/policy/policy.X is the policy that
> >is currently actually loaded into the system.
>
> It should use selinux_current_policy_path() to find the policy.
>
> In any event, did you try compute_av from libselinux on the system in
> question?
>
Demo, proof (only 8 minutes long):
https://www.youtube.com/watch?v=iNOxp2d_ws0
I demonstrates the inconsistency, also it proves that the rules are
loaded
>
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.
- --
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
https://sks-keyservers.net/pks/lookup?op=get&search=0x314883A202DFF788
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQGcBAEBCgAGBQJWHpnrAAoJENAR6kfG5xmcpkUL/jLi74ktX9Fy9uzs1pG3DtKi
67+455YxFjjpLvoZxezeGHQkMKRs16uOv1yb9J4zWzQ+veDUOasfmylmKlJxE8Zx
oO7OcwAYv778Nr7PMPx90IFlYCz2plmk3S1rlx2HsoUyhxQbLh4xPV3apZtjlyle
TpzNsL1muqukjplISSc6d46OkTbtmNirWFBKzZYL6mE+XGJrU/DaZMVqguQPVedP
WWgE/R5nhr+0fqmT6chsZA7DCHfuy24fdRyMDu1pqip2RyfO1VR+5mWG/4MOSZn4
cXCZ/rbV9peSNsUgDUtKgnNWlUUYD6WQEVpuqh0pMrP577KgFSXnwGlcsCziubeK
2WPzSqTY+1j8rKiiWkIgtUi01S2CgpJvQ4EkDq4jZYr332Gk7gRQFQx1RLUukbdN
EZYxtVn92nR+lhtdgChATKRIHM9LG61FZO1iXyjpKje1edH3CgBDgHAGVv3UoObe
1Ruo3Mr1N3aSH6Wph64VEZReIneISKVMU8a1LTY23g==
=TKEp
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2015-10-14 18:07 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-14 13:34 does load_policy default to loading the lowest polvers available? Dominick Grift
2015-10-14 13:56 ` Stephen Smalley
2015-10-14 14:11 ` Dominick Grift
2015-10-14 14:17 ` Stephen Smalley
2015-10-14 14:29 ` Dominick Grift
2015-10-14 15:44 ` Stephen Smalley
2015-10-14 15:48 ` Dominick Grift
2015-10-14 16:05 ` Stephen Smalley
2015-10-14 16:26 ` Dominick Grift
2015-10-14 16:41 ` Dominick Grift
2015-10-14 16:53 ` Stephen Smalley
2015-10-14 17:34 ` Dominick Grift
2015-10-14 17:38 ` Dominick Grift
2015-10-14 17:40 ` Stephen Smalley
2015-10-14 17:51 ` Dominick Grift
2015-10-14 18:07 ` Dominick Grift [this message]
2015-10-14 20:30 ` Christopher J. PeBenito
2015-10-14 20:34 ` Dominick Grift
2015-10-15 11:58 ` Richard Haines
2015-10-15 12:08 ` Dominick Grift
2015-10-14 18:52 ` Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2015-11-26 16:51 Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151014180743.GD15883@x250 \
--to=dac.override@gmail.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.