On 10/14/2016 09:08 PM, Stephen Smalley wrote:
> On 10/14/2016 02:58 PM, Dominick Grift wrote:
>> On 10/14/2016 08:52 PM, Dominick Grift wrote:
>>> On 10/14/2016 07:40 PM, Stephen Smalley wrote:
>>>> When a non-MLS policy was used with genhomedircon
>>>> context_from_record() in sepol would report an error because an
>>>> MLS level was present when MLS is disabled.  Based on a patch
>>>> by Gary Tierney, amended to use sepol_policydb_mls_enabled
>>>> rather than semanage_mls_enabled because we are testing the
>>>> temporary working policy, not the active policy.
>>>>
>>>> Reported-by: Jason Zaman <ja...@perfinion.com>
>>>> Signed-off-by: Stephen Smalley <s...@tycho.nsa.gov>
>>>> ---
>>>> libsemanage/src/genhomedircon.c | 6 +++++-
>>>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/libsemanage/src/genhomedircon.c
>>>> b/libsemanage/src/genhomedircon.c index 6991fff..5e9d722
>>>> 100644 --- a/libsemanage/src/genhomedircon.c +++
>>>> b/libsemanage/src/genhomedircon.c @@ -638,7 +638,11 @@ static
>>>> int write_contexts(genhomedircon_settings_t *s, FILE *out, goto
>>>> fail; }
>>>>
>>>> -          if (sepol_context_set_user(sepolh, context, user->sename) <
>>>> 0 || +             if (sepol_context_set_user(sepolh, context,
>>>> user->sename) < 0) { +                     goto fail; +            } + +   
>>>>         if
>>>> (sepol_policydb_mls_enabled(s->policydb) && 
>>>> sepol_context_set_mls(sepolh, context, user->level) < 0) { goto
>>>> fail; }
>>>>
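Review bot: the new condition on sepol_policydb_mls_enabled(s->policydb) in write_contexts() has no comment explaining why it consults s->policydb. The reason (the temporary working policy is being tested, not the active policy, so semanage_mls_enabled would be the wrong call) appears only in the commit message. A one-line comment above the second if would keep a later cleanup from swapping the call back. It is also worth confirming that s->policydb is always populated by the time write_contexts() runs, since nothing visible in this hunk checks it before it is passed in. Note too that user->level is now skipped without any message on a non-MLS policy, which may deserve a mention in the same comment.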
>>>
>>> I could not get this to work:
>>>
>>> libsemanage.validate_handler: seuser mapping [kcinimod ->
>>> (wheel.id, s0-s0:c0.c1023)] is invalid (No such file or
>>> directory). libsemanage.dbase_llist_iterate: could not iterate
>>> over records (No such file or directory) semodule: failed!
>>>
>>
>> for reference:
>>
>> https://www.youtube.com/watch?v=yUAikbw5BSQ
> 
> Not sure about that, but with this patch, I could successfully do the
> following:
> $ cd refpolicy
> $ make conf
> $ make
> $ sudo make install
> $ sudo make load
> 
> And genhomedircon ran without complaint, and I have the expected
> entries in file_contexts.homedirs.
> That's with the standard policy.
> 

Ok, that's good enough for me. I admit I just upgraded my systems, and
made major changes to my policy, so it may just be me.


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
