Eric hit a bug with sepolgen handing a newer kernel version then the policy handled.

Eric hit a bug with sepolgen handing a newer kernel version then the policy handled.

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 373 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This patch will look for all policyfiles installed on a machine.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzb9zIACgkQrlYvE4MpobPVcACgwGszP4lstRB6KXsu9grIo3Bj
fU8An38O1uTy+84I+yqBkzJ+Jy2Dt/EU
=FbXs
-----END PGP SIGNATURE-----

[-- Attachment #2: sepolgen-policyvers.patch --]
[-- Type: text/plain, Size: 1132 bytes --]

--- /usr/bin/sepolgen-ifgen~	2010-11-08 14:25:20.000000000 -0500
+++ /usr/bin/sepolgen-ifgen	2010-11-11 08:58:33.000000000 -0500
@@ -61,8 +61,18 @@
     return options
 
 def get_attrs():
+    vers = selinux.security_policyvers()
+    while vers > 0:
+        policy_path = selinux.selinux_binary_policy_path() + "." + str(vers)
+        if os.path.exists(policy_path):
+            break
+        vers -= 1
+
+    if vers == 0:
+        sys.stderr.write("could not open policy file %s.*\n" % selinux.selinux_binary_policy_path())
+        return None
+
     try:
-        policy_path = selinux.selinux_binary_policy_path() + "." + str(selinux.security_policyvers())
         outfile = tempfile.NamedTemporaryFile()
     except IOError, e:
         sys.stderr.write("could not open attribute output file\n")
@@ -75,7 +85,7 @@
     ret = subprocess.Popen([ATTR_HELPER, policy_path, outfile.name], stdout=fd).wait()
     fd.close()
     if ret != 0:
-        sys.stderr.write("could not run attribute helper")
+        sys.stderr.write("could not run attribute helper\n")
         return None
 
     attrs = interfaces.AttributeSet()

[-- Attachment #3: sepolgen-policyvers.patch.sig --]
[-- Type: application/pgp-signature, Size: 72 bytes --]