On 02/24/2014 04:49 AM, Maciej Lasyk wrote:
> On Mon, Feb 24, 2014 at 09:52:02AM +0100, Dominick Grift wrote:
>> On Mon, 2014-02-24 at 00:44 +0100, Maciej Lasyk wrote:
>>> Hi guys,
>>>
>>> Let's say that I have file
>>> /etc/selinux/targeted/modules/active/modules/lvm.pp
>>>
>>> What would be the easiest way to view the policy that this file
>>> contains? Normally when creating policy myself I firstly create .te
>>> file which contains my desired policy rules.
>>>
>>> But how could I know how the policy looks like for already created and
>>> loaded policies? Let's stick to that lvm.pp as the example.
>>>
>>> Thanks for your help,
>>
>> You can use the semodule_unpackage command to extract the policy package
>> (.pp). See man semodule_unpackage
>>
>> Then you can disassemble the extracted module (.mod) with the (se)dismod
>> command (I do not believe there is a manual for that program, but it's for
>> example sedismod lvm.mod (or something))
>>
>> The (se)dismod program has a menu that allows you to query most of the
>> module's content (what was in the lvm.te file)
>>
>> The program is a bit unfriendly and rough on the edges but it does help
>
> I already tried with semodule_unpackage (found about it here:
> http://serverfault.com/questions/321301/how-do-i-view-the-contents-of-a-selinux-policy-package
> ) but unfortunately every time I try to unpack *any* module from
> targeted active modules I get:
>
> root:modules/ # semodule_unpackage lvm.pp lvm.mod
> libsepol.module_package_read_offsets: wrong magic number for module package: expected 0xf97cff8f, got 0x39685a42
> semodule_unpackage: Error while reading policy module from lvm.pp
>
> Stracing this semodule_unpackage gave me nothing, so I got stuck here.
>
> Is there any repo that I could browse .te files from the official Fedora /
> targeted policy?
>
> Maciek
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Usually sesearch is a better solution than just looking at the source. The source is just going to show you the interfaces called, whereas sesearch will show you the results.

sesearch -A -s lvm_t

Will show you every allow rule that affects the lvm_t process domain.
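
Added example, not part of the thread: the "got 0x39685a42" value in the quoted error is the little-endian reading of the ASCII bytes "BZh9", the bzip2 stream signature, which indicates that the .pp file is bzip2-compressed rather than corrupt. The Python sketch below checks the header and decompresses if needed so the result carries the magic semodule_unpackage expects; the function names, the script name and the sample bytes are assumptions made for illustration.

```python
import bz2
import struct
import sys

# Magic libsepol expects at the start of a module package (the "expected"
# value in the error message quoted in the thread).
SEPOL_MODULE_PACKAGE_MAGIC = 0xF97CFF8F

# Constructed sample: a correct magic followed by filler bytes. It is not a
# real policy module and only serves to exercise the functions below.
CONSTRUCTED_PACKAGE = struct.pack("<I", SEPOL_MODULE_PACKAGE_MAGIC) + b"\x00" * 12


def magic_as_reported(header: bytes) -> str:
    """Format the first four bytes the way the libsepol error prints them."""
    padded = header[:4].ljust(4, b"\x00")
    return "0x%08x" % struct.unpack("<I", padded)[0]


def classify(header: bytes) -> str:
    """Classify a file by its first four bytes."""
    if len(header) < 4:
        return "truncated"
    # bzip2 streams start with "BZh" plus a block-size digit '1'..'9'.
    if header[:3] == b"BZh" and header[3:4] in b"123456789":
        return "bzip2"
    if struct.unpack("<I", header[:4])[0] == SEPOL_MODULE_PACKAGE_MAGIC:
        return "module-package"
    return "unknown"


def to_plain_package(data: bytes) -> bytes:
    """Return an uncompressed module package, decompressing bzip2 if needed."""
    kind = classify(data[:4])
    if kind == "bzip2":
        data = bz2.decompress(data)
        kind = classify(data[:4])
    if kind != "module-package":
        raise ValueError("not a policy module package: " + kind)
    return data


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 pp_plain.py lvm.pp lvm-plain.pp
    src, dst = sys.argv[1], sys.argv[2]
    with open(src, "rb") as f:
        raw = f.read()
    print(src, "starts with", magic_as_reported(raw), "->", classify(raw[:4]))
    with open(dst, "wb") as f:
        f.write(to_plain_package(raw))
```

The file written by the script can then be given to semodule_unpackage in place of the original .pp.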