SELinux Mailing List

Re: I am concerned about putting genhomedircon changes in libsemanage into Fedora 8.
From: Joshua Brindle <method_at_manicmethod.com>
Date: Wed, 26 Sep 2007 10:47:35 -0400
The python version did the wrong thing entirely. It validated the contexts against the running policy in the kernel, which breaks when you try to do an operation on another store. Also, since we moved genhomedircon inside of libsemanage, the new policy isn't even loaded yet, so we can't validate against the kernel (or the new types added by the module being added would be 'invalid'). The only real way to validate the contexts now would be to load the newly generated policy into the libsepol security server and do the context validations on it. This would work, it would just take extra time at module load time. It seems like the real problem is that the invalid contexts are being generated in the first place; relying on genhomedircon to sanity check your file contexts seems like you are punting the problem.
> /sbin/fixfiles restore

Received on Wed 26 Sep 2007 - 10:47:40 EDT
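The failure mode described in the message, as a simplified model added here (not code from libsemanage, libsepol or the original post): file context entries are checked once against the running policy and once against the newly generated one. The policy dictionaries, type names and sample entries are all constructed, and the check only tests that user, role and type exist, whereas real validation against a loaded policy also checks that the combination and range are permitted.

```python
import re

# Constructed file_contexts entries: path regex, optional file-type flag, context.
FILE_CONTEXTS = """\
# homedir entries as genhomedircon might emit them (constructed sample)
/home/[^/]+/\\.ssh(/.*)?    system_u:object_r:user_ssh_home_t:s0
/home/[^/]+/\\.myapp(/.*)?  system_u:object_r:myapp_home_t:s0
/home/[^/]+/\\.bogus   --   system_u:object_r:no_such_type_t:s0
/home/lost\\+found(/.*)?    <<none>>
"""

# Hypothetical stand-in for the policy currently loaded in the kernel.
RUNNING = {"users": {"system_u"}, "roles": {"object_r"},
           "types": {"user_ssh_home_t"}}
# The newly generated policy: running policy plus the type declared by the
# module being installed. It is not loaded yet when contexts are generated.
CANDIDATE = {**RUNNING, "types": RUNNING["types"] | {"myapp_home_t"}}

LINE_RE = re.compile(r"^(\S+)\s+(?:(-[-dbclsp])\s+)?(\S+)$")


def parse_file_contexts(text):
    """Return (path_regex, context) pairs, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError("malformed file_contexts line: %r" % raw)
        entries.append((m.group(1), m.group(3)))
    return entries


def invalid_contexts(entries, policy):
    """Return path regexes whose context names something the policy lacks."""
    bad = []
    for path, ctx in entries:
        if ctx == "<<none>>":          # explicit "do not label" entry
            continue
        fields = ctx.split(":", 3)     # user:role:type[:range]
        if len(fields) < 3:
            bad.append(path)
            continue
        user, role, type_ = fields[:3]
        if (user not in policy["users"] or role not in policy["roles"]
                or type_ not in policy["types"]):
            bad.append(path)
    return bad
```

Checked against `RUNNING`, the `.myapp` entry is rejected even though the module being installed declares its type; checked against `CANDIDATE`, only the entry with the nonexistent type is rejected.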
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009