* setting boolean values
@ 2004-12-17 1:36 Greg Norris
2004-12-17 13:47 ` Stephen Smalley
0 siblings, 1 reply; 3+ messages in thread
From: Greg Norris @ 2004-12-17 1:36 UTC (permalink / raw)
To: SELinux
Stupid question... which component is responsible for setting the
initial value for booleans during system startup? I'm guessing this
would be init's job, but am not absolutely certain. I'm trying to
determine why they aren't being set properly on my Debian system...
hopefully it's not something embarrassingly stupid (nah, that NEVER
happens! ;-).
My /etc/selinux/config contains the following:
# used by init
SELINUX=enforcing
# Debian does not support using a config file to switch between policies
SELINUXTYPE=.
My /etc/selinux/booleans contains:
spamassasin_can_network=1
Any thoughts?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: setting boolean values
2004-12-17 1:36 setting boolean values Greg Norris
@ 2004-12-17 13:47 ` Stephen Smalley
2004-12-18 2:35 ` Greg Norris
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2004-12-17 13:47 UTC (permalink / raw)
To: Greg Norris; +Cc: SELinux
On Thu, 2004-12-16 at 20:36, Greg Norris wrote:
> Stupid question... which component is responsible for setting the
> initial value for booleans during system startup? I'm guessing this
> would be init's job, but am not absolutely certain. I'm trying to
> determine why they aren't being set properly on my Debian system...
> hopefully it's not something embarrassingly stupid (nah, that NEVER
> happens! ;-).
Yes, the current patch for /sbin/init calls sepol_genbools() to rewrite
the boolean initial values in the binary policy based on your booleans
config file prior to calling security_load_policy(). That was
introduced during FC3 development, so the Debian patch for init might
not be up-to-date. BTW, Fedora Core now has a public CVS repository, so
people who want to track the SELinux-related patches there can do so
much more easily.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: setting boolean values
2004-12-17 13:47 ` Stephen Smalley
@ 2004-12-18 2:35 ` Greg Norris
0 siblings, 0 replies; 3+ messages in thread
From: Greg Norris @ 2004-12-18 2:35 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux
[-- Attachment #1: Type: text/plain, Size: 494 bytes --]
On Fri, Dec 17, 2004 at 08:47:02AM -0500, Stephen Smalley wrote:
> Yes, the current patch for /sbin/init calls sepol_genbools() to rewrite
> the boolean initial values in the binary policy based on your booleans
> config file prior to calling security_load_policy(). That was
> introduced during FC3 development, so the Debian patch for init might
> not be up-to-date.
Yep, that was it. I'll see about rebuilding sysvinit with the updated
patch over the next few days.
Thanx!
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-12-18 2:35 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-12-17 1:36 setting boolean values Greg Norris
2004-12-17 13:47 ` Stephen Smalley
2004-12-18 2:35 ` Greg Norris
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.