From: bauen1 <j2468h@googlemail.com>
To: Petr Lautrbach <plautrba@redhat.com>,
	bauen1 <j2468h@googlemail.com>,
	selinux@vger.kernel.org
Subject: Re: [PATCH v2] chcat: allow usage if binary policy is inaccessible
Date: Mon, 22 Feb 2021 21:33:33 +0100
Message-ID: <15f30b03-0734-9797-c529-693722daf4e0@gmail.com>
In-Reply-To: <87wnv0555e.fsf@redhat.com>

On 2/22/21 7:27 PM, Petr Lautrbach wrote:
> bauen1 <j2468h@googlemail.com> writes:
> 
>> Currently, chcat will crash when run as regular user, because import
>> sepolicy throws an Exception when failing to access the binary policy
>> under /etc/selinux/${POLICYNAME}/policy/ which is inaccessible to
>> regular users.
>>
> 
> I'd rather follow Nicolas' suggestion, so I've prepared a patch, see
> below, which moves the policy initialization in sepolicy module before
> it's used for the first time. It seems to solve the same problem in a more
> generic way. I need to run some tests on that and when they pass I'll
> propose it here on the mailing list.
> 

Yes, this is a much better approach.

-- 
bauen1
https://dn42.bauen1.xyz/

Thread overview: 6+ messages
2020-05-09 14:06 [PATCH] chcat: don't crash if access to binary policy is prohibited bauen1
2020-05-10 17:25 ` Nicolas Iooss
2020-05-29 13:16   ` Stephen Smalley
2021-02-17 21:16     ` [PATCH v2] chcat: allow usage if binary policy is inaccessible bauen1
2021-02-22 18:27       ` Petr Lautrbach
2021-02-22 20:33         ` bauen1 [this message]
