Re: Where does semanage store changes?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: dE <de.techno@gmail.com>
To: selinux@tycho.nsa.gov
Subject: Re: Where does semanage store changes?
Date: Wed, 16 Jul 2014 10:10:20 +0530	[thread overview]
Message-ID: <53C60234.8060208@gmail.com> (raw)
In-Reply-To: <53C3D938.20307@tycho.nsa.gov>

On 07/14/14 18:50, Stephen Smalley wrote:
> On 07/13/2014 03:38 AM, dE wrote:
>> Except when deleting and adding modules (when the main policy binary
>> changes; did a checksum to verify that), where are other changes which
>> semanage makes (like change boolean values, users, port, interface,
>> node) stored?
> Ultimately all of the changes you listed have to be stored in the kernel
> policy binary since they are part of the kernel policy (unlike, for
> example, semanage fcontext or login mappings).  However, they are also
> kept in separate configuration files under
> /etc/selinux/$SELINUXTYPE/modules/active and merged into the generated
> kernel policy after linking and expanding the policy modules together.
> Non-kernel configurations such as fcontext or login mappings are stored
> in their own respective files, e.g. file_contexts.local and seusers.
>
>

Yes, semodule -B merges those changes making active directory empty.

However, semange still remembers the changes it made (using -E).

Thanks for the clarification.

     prev parent reply	other threads:[~2014-07-16  4:40 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-07-13  7:38 Where does semanage store changes? dE
2014-07-14 13:20 ` Stephen Smalley
2014-07-16  4:40   ` dE [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=53C60234.8060208@gmail.com \
    --to=de.techno@gmail.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.