From: Steve Lawrence <slawrence@tresys.com>
To: Dominick Grift <dominick.grift@gmail.com>, <selinux@tycho.nsa.gov>
Subject: Re: secilc: is anyone able to confirm that type_change ...
Date: Mon, 7 Jul 2014 10:00:33 -0400 [thread overview]
Message-ID: <53BAA801.8070308@tresys.com> (raw)
In-Reply-To: <1404652323.9852.49.camel@x220.localdomain>
On 07/06/2014 09:12 AM, Dominick Grift wrote:
> On Sat, 2014-07-05 at 14:39 +0200, Dominick Grift wrote:
>> ... rules are no longer honored using policy compiled with any of the
>> recent secilc revisions?
>>
>> My login programs no longer relabel my login tts/pts, even though my
>> policy has, what i believe are, proper type_change rules.
>>
>>
>
> the compute_relabel command from libselinux-utils does the right thing.
> Still for some reason the login programs do not relabelto the type. (the
> identity is relabeled)
>
> How can this be? sesearch shows the type_change rules, compute_relabel
> shows the expected result, yet some how all login program's i have tried
> consistently ignore the type (but not the identity)
>
> I have been running SSHD in debug mode in hopes to get some more
> information but as far as SSHD is concerned all is fine. It almost seems
> it is just not aware of the type (needless to say the type is there and
> usable)
>
I can't reproduce the problem with my test policies. The typechange
statements look like they are correctly inserted into the binary and I
am seeing the expected type changes at runtime.
Is this with your monogam policy?
next prev parent reply other threads:[~2014-07-07 14:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-05 12:39 secilc: is anyone able to confirm that type_change Dominick Grift
2014-07-06 13:12 ` Dominick Grift
2014-07-07 14:00 ` Steve Lawrence [this message]
2014-07-07 14:24 ` Dominick Grift
2014-07-07 14:45 ` Dominick Grift
2014-07-08 19:21 ` Steve Lawrence
2014-07-08 19:31 ` Dominick Grift
2014-07-08 19:35 ` Stephen Smalley
2014-07-09 15:10 ` Daniel J Walsh
2014-07-09 15:18 ` Stephen Smalley
2014-07-09 15:35 ` Stephen Smalley
2014-07-09 21:37 ` Daniel J Walsh
2014-07-09 15:31 ` Daniel J Walsh
2014-07-09 15:37 ` Dominick Grift
2014-07-09 16:01 ` Stephen Smalley
2014-07-09 16:14 ` Dominick Grift
2014-07-09 18:45 ` Stephen Smalley
2014-07-09 16:15 ` James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53BAA801.8070308@tresys.com \
--to=slawrence@tresys.com \
--cc=dominick.grift@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.