* Where does semanage store changes?
@ 2014-07-13  7:38 dE
  2014-07-14 13:20 ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: dE @ 2014-07-13  7:38 UTC (permalink / raw)
  To: selinux

Except when deleting and adding modules (when the main policy binary 
changes; did a checksum to verify that), where are other changes which 
semanage makes (like change boolean values, users, port, interface, 
node) stored?


* Re: Where does semanage store changes?
  2014-07-13  7:38 Where does semanage store changes? dE
@ 2014-07-14 13:20 ` Stephen Smalley
  2014-07-16  4:40   ` dE
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2014-07-14 13:20 UTC (permalink / raw)
  To: dE, selinux

On 07/13/2014 03:38 AM, dE wrote:
> Except when deleting and adding modules (when the main policy binary
> changes; did a checksum to verify that), where are other changes which
> semanage makes (like change boolean values, users, port, interface,
> node) stored?

Ultimately all of the changes you listed have to be stored in the kernel
policy binary since they are part of the kernel policy (unlike, for
example, semanage fcontext or login mappings).  However, they are also
kept in separate configuration files under
/etc/selinux/$SELINUXTYPE/modules/active and merged into the generated
kernel policy after linking and expanding the policy modules together.
Non-kernel configurations such as fcontext or login mappings are stored
in their own respective files, e.g. file_contexts.local and seusers.

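An added example, not part of the thread: a small audit script that counts the local customizations held in the store directory named in the reply above, which is useful for spotting policy drift on a host. File names other than file_contexts.local and seusers are assumptions based on the libsemanage store layout of that era, and the sample store built by `demo` is constructed.

```sh
#!/bin/sh
# Added example (not from the thread): count the local customizations kept
# in the policy store directory that the reply above names.
# Assumption: file names other than file_contexts.local and seusers follow
# the libsemanage store layout of that era and are not given in the thread.
LOCAL_FILES="booleans.local users.local ports.local interfaces.local nodes.local file_contexts.local seusers"

# store_dir TYPE [ROOT]: path of the active store for one policy type.
store_dir() {
    echo "${2:-}/etc/selinux/$1/modules/active"
}

# count_entries FILE: lines that are neither blank nor comments (0 if absent).
count_entries() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -Ecv '^[[:space:]]*(#|$)' "$1" || true
}

# report_local DIR: print "file count" for each file that holds entries.
report_local() {
    for f in $LOCAL_FILES; do
        n=$(count_entries "$1/$f")
        [ "$n" -gt 0 ] && echo "$f $n"
    done
    return 0
}

# demo: build a constructed store under a temp root and report on it.
demo() {
    root=$(mktemp -d) || return 1
    dir=$(store_dir targeted "$root")
    mkdir -p "$dir"
    # Constructed sample content, not taken from a real system.
    printf '# auto-generated\nhttpd_can_network_connect=1\n' > "$dir/booleans.local"
    printf 'portcon tcp 8443 system_u:object_r:http_port_t:s0\n\nportcon tcp 8444 system_u:object_r:http_port_t:s0\n' > "$dir/ports.local"
    printf '# no local nodes\n' > "$dir/nodes.local"
    report_local "$dir"
    rm -rf "$root"
}

# Audit a real host with: report_local "$(store_dir targeted)"
demo
```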

* Re: Where does semanage store changes?
  2014-07-14 13:20 ` Stephen Smalley
@ 2014-07-16  4:40   ` dE
  0 siblings, 0 replies; 3+ messages in thread
From: dE @ 2014-07-16  4:40 UTC (permalink / raw)
  To: selinux

On 07/14/14 18:50, Stephen Smalley wrote:
> On 07/13/2014 03:38 AM, dE wrote:
>> Except when deleting and adding modules (when the main policy binary
>> changes; did a checksum to verify that), where are other changes which
>> semanage makes (like change boolean values, users, port, interface,
>> node) stored?
> Ultimately all of the changes you listed have to be stored in the kernel
> policy binary since they are part of the kernel policy (unlike, for
> example, semanage fcontext or login mappings).  However, they are also
> kept in separate configuration files under
> /etc/selinux/$SELINUXTYPE/modules/active and merged into the generated
> kernel policy after linking and expanding the policy modules together.
> Non-kernel configurations such as fcontext or login mappings are stored
> in their own respective files, e.g. file_contexts.local and seusers.
>
>

Yes, semodule -B merges those changes, making the active directory empty.

However, semanage still remembers the changes it made (using -E).

Thanks for the clarification.
