All of lore.kernel.org
 help / color / mirror / Atom feed
From: Joshua Brindle <method@manicmethod.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: jwcart2@tycho.nsa.gov, Caleb Case <ccase@tresys.com>,
	selinux@tycho.nsa.gov, csellers@tresys.com,
	kmacmillan@tresys.com
Subject: Re: [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp
Date: Fri, 08 Jan 2010 16:02:01 -0500	[thread overview]
Message-ID: <4B479D49.6090306@manicmethod.com> (raw)
In-Reply-To: <1262984338.20881.22.camel@moss-pluto.epoch.ncsc.mil>

Stephen Smalley wrote:
> On Fri, 2010-01-08 at 15:51 -0500, Joshua Brindle wrote:
>> Joshua Brindle wrote:
>>>
>>> Stephen Smalley wrote:
>>>> On Fri, 2010-01-08 at 15:19 -0500, Joshua Brindle wrote:
>> <snip>
>>> oops, I foolishly scanned looking for policy.kern.
>>>
>> No, it is worse than that, I wasn't actually running the code I was
>> claiming to (as evidenced by the priority level and hll files)
>>
>> Up to patch 4 my /var/lib/selinux now looks like this:
>>
>> [root@F12 active]# find /var/lib/selinux/
>> /var/lib/selinux/
>> /var/lib/selinux/targeted
>> /var/lib/selinux/targeted/semanage.read.LOCK
>> /var/lib/selinux/targeted/semanage.trans.LOCK
>> /var/lib/selinux/targeted/active
>> /var/lib/selinux/targeted/active/modules
>> /var/lib/selinux/targeted/active/modules/abrt.pp
>> /var/lib/selinux/targeted/active/modules/ada.pp
>> ...
>> /var/lib/selinux/targeted/active/modules/xguest.pp
>> /var/lib/selinux/targeted/active/modules/zabbix.pp
>> /var/lib/selinux/targeted/active/modules/zebra.pp
>> /var/lib/selinux/targeted/active/modules/zosremote.pp
>> /var/lib/selinux/targeted/active/base.pp
>> /var/lib/selinux/targeted/active/file_contexts.template
>> /var/lib/selinux/targeted/active/homedir_template
>> /var/lib/selinux/targeted/active/users_extra
>> /var/lib/selinux/targeted/active/commit_num
>> /var/lib/selinux/tmp
>>
>>
>> so I don't have any final files in targeted anymore, though I didn't try
>> to stop semodule half-way and look in tmp.
>
> I haven't tried only up through patch 4, only with all 13 patches
> applied.
>
> Also, I have all Fedora policies installed (yum install
> selinux-policy*), so I have mls, targeted, and minimum, although
> targeted is the active one.
>

Are you running the migrate script? I believe it is erroneously copying 
final files into the store:

+	# List of paths that go in the active 'root'
+	TOPPATHS = [
+		"file_contexts",
+		"homedir_template",
+		"file_contexts.template",
+		"commit_num",
+		"ports.local",
+		"interfaces.local",
+		"nodes.local",
+		"booleans.local",
+		"file_contexts.local",
+		"seusers",
+		"users.local",
+		"users_extra.local",
+		"seusers.final",
+		"users_extra",
+		"netfilter_contexts",
+		"file_contexts.homedirs",
+		"disable_dontaudit" ]
+

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

  reply	other threads:[~2010-01-08 21:02 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-12-23 23:25 [PATCH 00/13] RFC libsemanage move to var, enable/disable module, and priority support Caleb Case
2009-12-23 23:25 ` [PATCH 01/13] libsemanage: fix typo in tests makefile -o -> -O Caleb Case
2009-12-23 23:25   ` [PATCH 02/13] semanage: move permissive module creation to /tmp Caleb Case
2009-12-23 23:25     ` [PATCH 03/13] libsemanage: move the module store to /var/lib/selinux Caleb Case
2009-12-23 23:25       ` [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp Caleb Case
2009-12-23 23:25         ` [PATCH 05/13] libsemanage: update unit tests for move to /var/lib/selinux Caleb Case
2009-12-23 23:25           ` [PATCH 06/13] libsemanage: add default priority to semanage_handle_t Caleb Case
2009-12-23 23:25             ` [PATCH 07/13] libsemanage: augment semanage_module_info_t and provide semanage_module_key_t Caleb Case
2009-12-23 23:25               ` [PATCH 08/13] libsemanage: get/set module info and enabled status Caleb Case
2009-12-23 23:25                 ` [PATCH 09/13] libsemanage: provide function to get new base module path Caleb Case
2009-12-23 23:25                   ` [PATCH 10/13] libsemanage: installing/upgrading/removing modules via info and key Caleb Case
2009-12-23 23:25                     ` [PATCH 11/13] libsemanage: new private api for unstable functions Caleb Case
2009-12-23 23:25                       ` [PATCH 12/13] semodule: add priority, enabled, and extended listing Caleb Case
2009-12-23 23:26                         ` [PATCH 13/13] semanage store migration script Caleb Case
2010-01-08 15:34                           ` Stephen Smalley
2010-01-08 20:59                             ` James Carter
2010-01-08 21:05                               ` Stephen Smalley
2010-01-08 21:27                               ` Caleb Case
2010-01-11 19:53                                 ` James Carter
2010-01-11 19:57                                   ` Joshua Brindle
2010-01-11 20:45                                     ` James Carter
2010-01-08 14:30         ` [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp Stephen Smalley
2010-01-08 15:07           ` James Carter
2010-01-08 15:28             ` Stephen Smalley
2010-01-08 18:25               ` Caleb Case
2010-01-08 20:19               ` Joshua Brindle
2010-01-08 20:25                 ` Stephen Smalley
2010-01-08 20:30                   ` Joshua Brindle
2010-01-08 20:51                     ` Joshua Brindle
2010-01-08 20:58                       ` Stephen Smalley
2010-01-08 21:02                         ` Joshua Brindle [this message]
2010-01-08 21:04                           ` Stephen Smalley
2010-01-08 21:12                           ` James Carter
2010-01-08 14:28       ` [PATCH 03/13] libsemanage: move the module store to /var/lib/selinux Stephen Smalley
2010-01-08 14:50         ` James Carter
2010-01-08 15:19           ` Stephen Smalley
2010-01-07 22:28 ` [PATCH 00/13] RFC libsemanage move to var, enable/disable module, and priority support Chad Sellers
2010-01-08 14:30   ` James Carter
2010-01-21 21:06     ` Chad Sellers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4B479D49.6090306@manicmethod.com \
    --to=method@manicmethod.com \
    --cc=ccase@tresys.com \
    --cc=csellers@tresys.com \
    --cc=jwcart2@tycho.nsa.gov \
    --cc=kmacmillan@tresys.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.