Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 09:54 PM, James Carter wrote: > On 10/14/2016 03:26 PM, Dominick Grift wrote: >> On 10/14/2016 09:17 PM, Dominick Grift wrote: >>> On 10/14/2016 09:09 PM, Dominick Grift wrote: On 10/14/2016 09:08 PM, Stephen Smalley wrote: > On 10/14/2016 02:58 PM, Dominick Grift wrote:

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 03:26 PM, Dominick Grift wrote: On 10/14/2016 09:17 PM, Dominick Grift wrote: On 10/14/2016 09:09 PM, Dominick Grift wrote: On 10/14/2016 09:08 PM, Stephen Smalley wrote: On 10/14/2016 02:58 PM, Dominick Grift wrote: On 10/14/2016 08:52 PM, Dominick Grift wrote: On 10/14/2016

Re: speeding up nodups_specs, need large fc file.

On 10/14/2016 09:02 AM, William Roberts wrote: > Looks like make MONOLITHIC=y policy to get the binary policy file > > Is it normal for checkpolicy to take 5 minutes? No, at least not with a modern checkpolicy. Are you using a current version? $ time make MONOLITHIC=y policy Compiling

Re: speeding up nodups_specs, need large fc file.

Likely not, I see it compiling version 29 and I am on ubuntu which is way out of date with this stuff... should I just use the checkpolicy from my AOSP tree? Or should I just install with some particular set of options from selinux master repo? On Fri, Oct 14, 2016 at 9:06 AM, Stephen Smalley

ANN: SELinux userspace release

The 2016-10-14 / 2.6 release for the SELinux userspace is now available at: https://github.com/SELinuxProject/selinux/wiki/Releases This has been tagged as 20161014 in the git repository. Below are some notes on this release for packagers of the SELinux userspace. Please see the individual

Re: speeding up nodups_specs, need large fc file.

Is it to be expected that checkfc would actually fail on refpolicy? $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts Error: "fs_type" is not defined in this policy. I could comment out the validation callback... but just wondering if this is expected. On Fri, Oct 14, 2016 at 9:08

Re: speeding up nodups_specs, need large fc file.

On Fri, Oct 14, 2016 at 10:32 AM, Stephen Smalley wrote: > On 10/14/2016 10:15 AM, William Roberts wrote: >> Is it to be expected that checkfc would actually fail on refpolicy? >> >> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts >> Error: "fs_type" is not

Re: speeding up nodups_specs, need large fc file.

On 10/14/2016 10:32 AM, Stephen Smalley wrote: > On 10/14/2016 10:15 AM, William Roberts wrote: >> Is it to be expected that checkfc would actually fail on refpolicy? >> >> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts >> Error: "fs_type" is not defined in this policy. >> >> I

Re: speeding up nodups_specs, need large fc file.

On 10/14/2016 10:15 AM, William Roberts wrote: > Is it to be expected that checkfc would actually fail on refpolicy? > > $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_contexts > Error: "fs_type" is not defined in this policy. > > I could comment out the validation callback... but just

Re: ANN: SELinux userspace release

>>> now available at: >>>> https://github.com/SELinuxProject/selinux/wiki/Releases >>>> >>>> This has been tagged as 20161014 in the git repository. >>>> >>>> Below are some notes on this release for packagers of the >>>&g

Re: ANN: SELinux userspace release

On 10/14/2016 05:55 PM, Stephen Smalley wrote: >>>>>> The 2016-10-14 / 2.6 release for the SELinux userspace is >>>>>> now available at: >>>>>> https://github.com/SELinuxProject/selinux/wiki/Releases >>>>>> >>>

Re: ANN: SELinux userspace release

SELinuxProject/selinux/wiki/Releases >>> >>> This has been tagged as 20161014 in the git repository. >>> >>> Below are some notes on this release for packagers of the >>> SELinux userspace. Please see the individual ChangeLog files for >>> a detaile

Re: ANN: SELinux userspace release

On 10/14/2016 12:02 PM, Dominick Grift wrote: > On 10/14/2016 05:55 PM, Stephen Smalley wrote: >> The 2016-10-14 / 2.6 release for the SELinux userspace is now >> available at: >> https://github.com/SELinuxProject/selinux/wiki/Releases >> >> This has been tagged

Re: speeding up nodups_specs, need large fc file.

On 10/14/2016 09:07 AM, William Roberts wrote: > Likely not, I see it compiling version 29 and I am on ubuntu which is > way out of date with this stuff... should I just use the checkpolicy > from my AOSP tree? > > Or should I just install with some particular set of options from > selinux master

Re: speeding up nodups_specs, need large fc file.

Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and it only took 4 seconds. On Fri, Oct 14, 2016 at 9:07 AM, William Roberts wrote: > Likely not, I see it compiling version 29 and I am on ubuntu which is > way out of date with this stuff... should I

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 08:52 PM, Dominick Grift wrote: > On 10/14/2016 07:40 PM, Stephen Smalley wrote: >> When a non-MLS policy was used with genhomedircon context_from_record() >> in sepol would report an error because an MLS level was present when MLS >> is disabled. Based on a patch by Gary Tierney,

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 02:52 PM, Dominick Grift wrote: > On 10/14/2016 07:40 PM, Stephen Smalley wrote: >> When a non-MLS policy was used with genhomedircon >> context_from_record() in sepol would report an error because an >> MLS level was present when MLS is disabled. Based on a patch by >> Gary

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 07:40 PM, Stephen Smalley wrote: > When a non-MLS policy was used with genhomedircon context_from_record() > in sepol would report an error because an MLS level was present when MLS > is disabled. Based on a patch by Gary Tierney, amended to use > sepol_policydb_mls_enabled rather

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 02:58 PM, Dominick Grift wrote: > On 10/14/2016 08:52 PM, Dominick Grift wrote: >> On 10/14/2016 07:40 PM, Stephen Smalley wrote: >>> When a non-MLS policy was used with genhomedircon >>> context_from_record() in sepol would report an error because an >>> MLS level was present when

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 09:08 PM, Stephen Smalley wrote: > On 10/14/2016 02:58 PM, Dominick Grift wrote: >> On 10/14/2016 08:52 PM, Dominick Grift wrote: >>> On 10/14/2016 07:40 PM, Stephen Smalley wrote: When a non-MLS policy was used with genhomedircon context_from_record() in sepol would report

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 09:09 PM, Dominick Grift wrote: > On 10/14/2016 09:08 PM, Stephen Smalley wrote: >> On 10/14/2016 02:58 PM, Dominick Grift wrote: >>> On 10/14/2016 08:52 PM, Dominick Grift wrote: On 10/14/2016 07:40 PM, Stephen Smalley wrote: > When a non-MLS policy was used with

Re: [PATCH] libsemanage: genhomedircon: only set MLS level if MLS is enabled

On 10/14/2016 09:17 PM, Dominick Grift wrote: > On 10/14/2016 09:09 PM, Dominick Grift wrote: >> On 10/14/2016 09:08 PM, Stephen Smalley wrote: >>> On 10/14/2016 02:58 PM, Dominick Grift wrote: On 10/14/2016 08:52 PM, Dominick Grift wrote: > On 10/14/2016 07:40 PM, Stephen Smalley wrote: