One more problem with genhomedircon replacement.

One more problem with genhomedircon replacement.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Shadow-utils and perhaps others execute genhomedircon when adding users
or modifying the homedir.  They are blowing up because the executable
genhomedircon no longer exists.  I would like to just put out a script
that would call semanage to tell it to run the semanage_genhomedircon().

I also think it is useful to have the ability to execute this without a
rebuild/reload of policy for when the admin executes vipw or any other
way of adding a user to the system

But there are no Python bindings and no way to call this via semodule.

I can call semanage -Bn, but this is slow and cumberson.


I looked into why semanage_genhomedircon is not in a python binding, but
it uses sepol_policydb_t * policydb, which we would need to build.

So what is the best way to do this?

Dan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHBOz4rlYvE4MpobMRAhPkAKCO4WCyQYQyxkSyfOOufo77HtgaCgCeMatS
f6pmBcQoObZevpjtTdCFMHo=
=wCF/
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: One more problem with genhomedircon replacement.

[Todd Miller]

I wrote a small genhomedircon frontend for test purposes and it was not
significantly faster than "semodule -Bn" since we still have to create
an semanage tmp dir, populate it, and merge local policy into base
before the actual genhomedircon code can run.

 - todd


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.