From: Stephen Smalley <sds@tycho.nsa.gov>
To: Steve Lawrence <slawrence@tresys.com>,
SELinux List <selinux@tycho.nsa.gov>
Subject: Re: [PATCH] libsemanage: save homedir_template in the policy store for genhomedircon
Date: Thu, 3 Sep 2015 11:26:16 -0400
Message-ID: <55E86698.1090900@tycho.nsa.gov>
In-Reply-To: <1441293481-13903-1-git-send-email-slawrence@tresys.com>

On 09/03/2015 11:18 AM, Steve Lawrence wrote:
> We don't currently store homedir_template in the policy store, which
> means genhomedircon only has a template file to use if the
> homedir_template was generated from the file contexts in the same
> transaction. But homedir_template isn't always generated, as in the
> case with setsebool -P. In this and other cases, genhomedircon will not
> have a template file resulting in an empty file_contexts.homedir file.
>
> This commit changes this so that homedir_template is always stored in
> the policy store so it can be used by genhomedircon regardless of how
> policy was built. Also add the homedir_template file to the migration
> script.
>
> Signed-off by: Steve Lawrence <slawrence@tresys.com>

Only question I have is whether either of the other two files that are
being unlinked below need to be kept around for the same reason? Or are
they always generated, even upon setsebool -P?

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
> libsemanage/src/direct_api.c | 1 -
> libsemanage/utils/semanage_migrate_store | 3 ++-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
> index 90a7b22..6e49cae 100644
> --- a/libsemanage/src/direct_api.c
> +++ b/libsemanage/src/direct_api.c
> @@ -1415,7 +1415,6 @@ static int semanage_direct_commit(semanage_handle_t * sh)
>
> /* remove files that are automatically generated and no longer needed */
> unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_FC_TMPL));
> - unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL));
> unlink(semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA));
>
> if (sh->do_rebuild || modified || bools_modified || fcontexts_modified) {
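
Review bot: The comment left above the two remaining unlink() calls still says "remove files that are automatically generated and no longer needed", yet after this hunk homedir_template is an automatically generated file that is deliberately kept in SEMANAGE_TMP. A short comment where the unlink was dropped, saying that genhomedircon needs the template on commits that do not regenerate it (the setsebool -P case in the commit message), would stop a later cleanup from restoring the call. The hunk also leaves open whether SEMANAGE_FC_TMPL and SEMANAGE_USERS_EXTRA are regenerated on every commit path; the commit message should state that, since they are still unlinked here.
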
> diff --git a/libsemanage/utils/semanage_migrate_store b/libsemanage/utils/semanage_migrate_store
> index 539f469..297c71b 100755
> --- a/libsemanage/utils/semanage_migrate_store
> +++ b/libsemanage/utils/semanage_migrate_store
> @@ -251,7 +251,8 @@ if __name__ == "__main__":
> "disable_dontaudit",
> "preserve_tunables",
> "policy.kern",
> - "file_contexts"]
> + "file_contexts",
> + "homedir_template"]
>
>
> create_dir(newroot_path(), 0o755)
>
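
Review bot: Adding "homedir_template" to the list after "file_contexts" only helps stores migrated from this point on. A store that was migrated before this change has no homedir_template, and by the commit message's own description a setsebool -P on it will keep producing an empty file_contexts.homedir until some transaction regenerates the template from the file contexts. That is worth a sentence in the commit message. Also confirm that the code consuming this list copes with a source store that has no homedir_template file; how a missing entry is handled is not visible in this hunk.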