Re: [DSE-Dev] CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE

On 2 Apr 2017 3:47 pm, "Ben Hutchings" <b...@decadent.org.uk> wrote: On Sun, 2017-04-02 at 14:35 +0200, Laurent Bigonville wrote: > Le 02/04/17 à 03:25, cgzones a écrit : > > Is there any reason why the standard Debian kernel sets the value for > > checkreqprot

[DSE-Dev] SELinux progress

") < 0) + if (maintscript_set_exec_context(cmd) < 0) ohshite(_("cannot set security execution context for " "maintainer script")); -- 2.11.0 From: cgzones <cgzo...@googlemail.co

Re: [DSE-Dev] reproducable builds

I rioted in the debian/rules file and got the build reproducible for me: https://github.com/cgzones/debian-package-refpolicy/commit/8de642c8d1ddd10c09a1d1521eeb4e0a1da6bfff I think the only reproducible error was the missing --sort=name option to the tar command. I used the approach over here

[DSE-Dev] Bug#849637: Bug#849637: /sys/devices/system/cpu/online SELinux context

t; thanks >> >> On Thu, 29 Dec 2016 12:36:30 +0100 cgzones <cgzo...@googlemail.com> wrote: >> >> > When running a SELinux enabled system /sys/devices/system/cpu/online >> > is mislabeled after boot: >> > >> > root@test1:/root/selinux/po

[DSE-Dev] Bug#849637: /sys/devices/system/cpu/online SELinux context

hu, 29 Dec 2016 12:36:30 +0100 cgzones <cgzo...@googlemail.com> wrote: > >> When running a SELinux enabled system /sys/devices/system/cpu/online >> is mislabeled after boot: >> >> root@test1:/root/selinux/policy# restorecon -vv -R -F -n /sys &

[DSE-Dev] Bug#849460: Ship list of module in base module package

Package: refpolicy Version: 2:2.20161023.1-3 Ship a list of modules build into the base module package. This might help with module management. --- debian/rules | 1 + debian/selinux-policy-default.install | 1 + debian/selinux-policy-mls.install | 1 + 3 files

[DSE-Dev] Bug#849463: domain_auto_trans is deprecated

Package: refpolicy Version: 2:2.20161023.1-3 The usage of the macro domain_auto_trans is deprecated. Use domain_auto_transition_pattern instead. --- debian/example/example.if | 2 +- debian/policygentool | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git

[DSE-Dev] Bug#849461: Use dh_install --fail-missing

Package: refpolicy Version: 2:2.20161023.1-3 Use dh_install --fail-missing for hard build errors. --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index d6fe74b..d1f7e7c 100755 --- a/debian/rules +++ b/debian/rules @@ -23,7 +23,7

[DSE-Dev] Bug#848232: semanage login: no awareness of exising entries

files, but that does not solve the issue. But I am not sure the upstream python modules were used, and probably the system's libsepol was used too. Kindly Regards, Christian Göttsche 2016-12-17 9:57 GMT+01:00 Laurent Bigonville <bi...@debian.org>: > Le 15/12/16 à 14:13, cgzone

[DSE-Dev] Bug#848232: semanage login: no awareness of exising entries

Package: policycoreutils-python-utils Version: 2.6-2 When working on SELinux login settings, it seems that semanage is not aware of already existing entries. Example usage: root@desktopdebian:/home/christian# semanage login -a -s unconfined_u christian libsemanage.add_user: user system_u not in

[DSE-Dev] Bug#813604: newrole: pamd error

Package: newrole Version: 2.4-4 When i try to use newrole on debian testing with upstream refpolicy (https://github.com/TresysTechnology/refpolicy) installed, i got the following error: root@debianSe:~# newrole -r sysadm_r -t sysadm_t Password: newrole: incorrect password for root Error sending