Re: Knowing policy contents

On Mon, 2014-02-24 at 16:50 +0100, Maciej Lasyk wrote:

<snip>

> > >>> 
> > >>> Let's say that I have file 
> > >>> /etc/selinux/targeted/modules/active/modules/lvm.pp
> > >>> 
> > >>> What would be the easiest way to view the policy that this file 
> > >>> contains? 
> > >>> 
> > >>> But how could I know what the policy looks like for already created and 
> > >>> loaded policies? Let's stick to that lvm.pp as the example.
> > >>>

<snip>

>  
> > Usually sesearch is a better solution than just looking at the source.  The
> > source is just going to show you the interfaces called, whereas sesearch will
> > show you the results.
> > 
> > sesearch -A -s lvm_t
> > 
> > Will show you every allow rule that affects the lvm_t process domain.
> 
> Great - thanks - that really did the job :)

Glad to hear that it helped you get the job done but for the record:

Although the answer that dwalsh gave is one hundred percent correct, it
is not the answer to your initial question. 

You do not know that lvm_t is declared in lvm.pp. Sure, in this case
the type is consistent with the module name, but that is not always the case.
Also, who's to say that there aren't any other types declared in this
module (spoiler: there are)?

Not to mention that a typical .pp policy package also encloses a .fc
file context file.

semodule_unpackage should, in my view, just be fixed to deal with this
checksum issue. Also, I believe that currently the semodule_unpackage tool
cannot properly extract the enclosed (.fc) file context file.

These are, in my view, actually a couple of bugs that would improve
usability a lot when fixed. Somehow it does not get the attention it
deserves.


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
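
Added example (not part of the original message or of the SELinux userspace tools): a small Python splitter that separates the binary module and the enclosed file context (.fc) section of a .pp policy package, which is the extraction the message says is hard to get from the existing tool. It assumes the libsepol package layout (little-endian magic, version, section count, offset table, then sections that each start with a magic word) and that a stored package may be bzip2-compressed; split_package, build_sample and the sample file-context lines are constructed for illustration.

```python
import bz2
import struct

# Magic numbers as defined in libsepol's headers (assumption, not from the thread).
PACKAGE_MAGIC = 0xF97CFF8F   # SEPOL_MODULE_PACKAGE_MAGIC
MODULE_MAGIC = 0xF97CFF8D    # POLICYDB_MOD_MAGIC, first word of the binary module
FC_MAGIC = 0xF97CFF90        # SEPOL_PACKAGE_SECTION_FC

def split_package(data):
    """Return dict with 'version', 'module' (bytes), 'fc' (str), 'other' (magics)."""
    if data[:3] == b"BZh":   # assumption: the store may hold bzip2-compressed packages
        data = bz2.decompress(data)
    if len(data) < 12:
        raise ValueError("too short for a policy package header")
    magic, version, nsec = struct.unpack_from("<3I", data, 0)
    if magic != PACKAGE_MAGIC:
        raise ValueError("not a policy package (magic 0x%08x)" % magic)
    table_end = 12 + 4 * nsec
    if nsec == 0 or table_end > len(data):
        raise ValueError("bad section count")
    # Each section runs from its offset to the next offset (or end of file).
    offsets = list(struct.unpack_from("<%dI" % nsec, data, 12)) + [len(data)]
    out = {"version": version, "module": None, "fc": None, "other": []}
    for start, end in zip(offsets, offsets[1:]):
        if not (table_end <= start and start + 4 <= end <= len(data)):
            raise ValueError("section offsets out of range or unordered")
        (sec_magic,) = struct.unpack_from("<I", data, start)
        if sec_magic == MODULE_MAGIC:
            out["module"] = data[start:end]        # module keeps its own magic
        elif sec_magic == FC_MAGIC:
            out["fc"] = data[start + 4:end].decode("utf-8", "replace")
        else:
            out["other"].append(sec_magic)         # e.g. seusers, user_extra
    return out

def build_sample():
    """Constructed package: dummy module body plus two file-context lines."""
    module = struct.pack("<I", MODULE_MAGIC) + b"\x00" * 16
    fc = struct.pack("<I", FC_MAGIC) + (
        b"/sbin/lvm\t--\tsystem_u:object_r:lvm_exec_t:s0\n"
        b"/etc/lvm(/.*)?\t\tsystem_u:object_r:lvm_etc_t:s0\n")
    first = 12 + 4 * 2                              # header plus two offsets
    header = struct.pack("<5I", PACKAGE_MAGIC, 1, 2, first, first + len(module))
    return header + module + fc

if __name__ == "__main__":
    pkg = split_package(bz2.compress(build_sample()))
    print(pkg["fc"], end="")
```

The recovered .fc text names the file types the module labels, which is one way to see types other than the one matching the module name.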
