Re: [ SELINUX ] [ POLICYCOREUTILS ] Convert setsebool -P to use libsemanage

[Daniel J Walsh <dwalsh@redhat.com>]

Stephen Smalley wrote:
> On Fri, 2005-11-04 at 10:43 -0500, Ivan Gyurdiev wrote:
>   
>> So, now that this is taken care of:
>>
>> TODO:
>> - optimize commit in various ways - do not do unnecessary work, disable 
>> checking as you mentioned, move seuser validation inside the section 
>> where policydb doesn't have to be re-read back in
>> - more seuser validation (MLS fields not currently validated)
>> - fix ports, and enable those
>> - reduce error message verbosity (do not blindly print the call stack - 
>> report only info that adds value)
>>     
>
> First, we need to adjust setsebool and/or libsemanage to ensure that
> load_policy is called with -b when changing booleans, per the earlier
> message.  That should then give us working boolean support via
> libsemanage.
>
> BTW, the new setsebool presumes a system that is "managed" via
> libsemanage and already has its policy in the sandbox, so it will break
> if used on a system that hasn't been converted to that model.  Do we
> care?  Do we need to support the old behavior (direct manipulation of
> the installed booleans.local file via libselinux) as a fallback on a
> non-managed system?
>
>   
Yes I think we need to maintain the previous setsebool, otherwise we 
will need to tie. policycoreutils to policy version.



-- 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.