----- Original Message ----- > From: "Steve Huston" <huston@xxxxxxxxxxxxxxxxxxx> > To: selinux@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Thursday, November 17, 2016 1:41:51 PM > Subject: Policy module versioning > > In the last few days I've upgraded a couple test systems to RHEL 7.3, > and with that came a new version of policycoreutils (named 2.5-9.el7, > up from 2.2.5-20). I found where some time ago the 'semodule' command > was modified to remove the version information from the output, which > has an unintended side effect of breaking my puppet modules that > maintain local selinux modules and verify the version running is equal > to the one in the manifest. The comment in the checkin (e599a4) > states that CIL does not have a concept of versions, so it's being > removed. > > My question is, what is a good way to determine that the module that > is installed and running matches the one in a specific .te file? I > could of course tell puppet to trigger a rebuild of the .pp file if > the .te has been modified, but it seems without rebuilding and/or > reinstalling every puppet run there's no good way to verify that the > version in memory is the one I've intended. > This would depend on the priority of the module semodule -lfull More info available here: http://blog-bachradsusi.rhcloud.com/2015/06/05/selinux-modules-priority/ > -- > Steve Huston - W2SRH - Unix Sysadmin, PICSciE/CSES & Astrophysical Sci > Princeton University | ICBM Address: 40.346344 -74.652242 > 345 Lewis Library |"On my ship, the Rocinante, wheeling through > Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, > (267) 793-0852 | headlong into mystery." -Rush, 'Cygnus X-1' > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > -- Simon Sekidde * Red Hat, Inc. * Tyson's Corner, VA gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
