From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: SELinux <selinux@tycho.nsa.gov>, Karel Srot <ksrot@redhat.com>,
Steve Lawrence <slawrence@tresys.com>
Subject: Re: Fwd: How to extract file context patterns from selinux module
Date: Fri, 29 Jul 2011 11:10:55 -0400 [thread overview]
Message-ID: <4E32CD7F.9000902@redhat.com> (raw)
In-Reply-To: <1311946147.12720.26.camel@moss-pluto>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/29/2011 09:29 AM, Stephen Smalley wrote:
> On Fri, 2011-07-29 at 08:06 -0400, Daniel J Walsh wrote:
>> Hi, could you please help me with following problem? I would like
>> to extract context patterns from a selinux module. I know there are
>> placed at the end of the module but I don't know (and didn't find)
>> the module structure. Therefore I don't know how to parse them (if
>> there are any in the module).
>>
>> Thank you in advance Karel Srot
>>
>> $ tail abrt.pp var/cache/abrt-di(/.*)?
>> system_u:object_r:abrt_var_cache_t:s0 /var/log/abrt-logger --
>> system_u:object_r:abrt_var_log_t:s0 /var/run/abrt\.pid --
>> system_u:object_r:abrt_var_run_t:s0 /var/run/abrtd?\.lock --
>> system_u:object_r:abrt_var_run_t:s0 /var/run/abrtd?\.socket -s
>> system_u:object_r:abrt_var_run_t:s0 /var/run/abrt(/.*)?
>> system_u:object_r:abrt_var_run_t:s0 ...
>
> I created this program a while ago to support unpacking the .mod
> file from the .pp file, and just extended it to optionally unpack the
> .fc file as well. If people find it useful, we could perhaps add it
> to policycoreutils.
>
> $ gcc -lsepol -o semodule_unpackage semodule_unpackage.c $ bunzip2 -c
> /usr/share/selinux/targeted/apache.pp.bz2 > apache.pp $
> semodule_unpackage apache.pp apache.mod apache.fc $ cat apache.fc
>
The real goal should be to get back to te file?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4yzX8ACgkQrlYvE4MpobNxrQCgvYNFSjBXq/RL2ZS+je1O6QR6
WDgAni1bKNAOm/2YeThXOWyPw+UXYuAK
=MwWQ
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2011-07-29 15:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1311941001.7994.4.camel@dhcp-30-102.brq.redhat.com>
2011-07-29 12:06 ` Fwd: How to extract file context patterns from selinux module Daniel J Walsh
2011-07-29 13:29 ` Stephen Smalley
2011-07-29 15:03 ` Daniel J Walsh
2011-07-29 15:10 ` Daniel J Walsh [this message]
2011-07-29 16:04 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E32CD7F.9000902@redhat.com \
--to=dwalsh@redhat.com \
--cc=ksrot@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=slawrence@tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.