On Mon, Feb 24, 2014 at 09:52:02AM +0100, Dominick Grift wrote: > On Mon, 2014-02-24 at 00:44 +0100, Maciej Lasyk wrote: > > Hi guys, > > > > Let's say that I have file > > /etc/selinux/targeted/modules/active/modules/lvm.pp > > > > What would be the easiest way to view the policy that this file > > contains? Normally when creating policy myself I firstly create .te file > > which contains my desired policy rules. > > > > But how could I know how the policy looks like for already created and > > loaded policies? Let's stick to that lvm.pp as the example. > > > > Thanks for your help, > > You can use the semodule_unpackage command to extract the policy package > (.pp) See man semodule_unpackage > > Then you can disassemble the extracted module (.mod) with the (se)dismod > command ( i do not believe there is a manual for that program but its > for example sedismod lvm.mod (or something)) > > The (se)dismod program has a menu that allows you to query most of the > modules content (what waas in the lvm.te) file > > The program is a bit unfriendly an rough on the edges but it does help I already tried with semodule_unpackage (found about it here: http://serverfault.com/questions/321301/how-do-i-view-the-contents-of-a-selinux-policy-package ) but unfortunately every time I try to unpack *any* module from targeted active modules I get: root:modules/ # semodule_unpackage lvm.pp lvm.mod libsepol.module_package_read_offsets: wrong magic number for module package: expected 0xf97cff8f, got 0x39685a42 semodule_unpackage: Error while reading policy module from lvm.pp Stracing this semodule_unpackage gave me nothing, so I stucked here. Is there any repo that I could browse .te files from the official Fedora / targeted policy? Maciek
Attachment:
pgpPS1AK94vYn.pgp
Description: PGP signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
