On Saturday 29 March 2008 02:10, "Joshua Brindle" <jbrindle@xxxxxxxxxx> wrote: > >> # file qmail.pp base.pp /tmp/loadkeys.pp > >> qmail.pp: SE Linux modular policy version 1, 2 sections, mod > >> version 7, Not MLS, module name qmail\005 > > Also I think SELinux policy package, this magic number is for packages, > modules have their own magic number. # file /etc/selinux/refpolicy-mls/policy/policy.22 /etc/selinux/refpolicy-mls/policy/policy.22: SE Linux policy v22 MLS 8 symbols 7 ocons Yes, I've got that. > >> base.pp: SE Linux modular policy version 1, 4 sections, mod > >> version 7, Not MLS, base /tmp/loadkeys.pp: SE Linux modular policy > >> version 1, 2 sections, mod version 6, MLS, module name loadkeys\005 > >> > >> Please let me know what you think of this, in terms of text > >> formatting, information displayed, and use of file(1) features. > > > > "policy version 1" ought to be "policy type 1", or more > > simply, "base module" (1) or "non-base module" (2). But non-base modules have a 1 in that field too! > > Just for comparison with the existing support in file for > > kernel policies, "file policy.21" displays: > > policy.21: SE Linux policy v21 8 symbols 7 ocons > > > > Not sure though that the symbols and ocons info is helpful > > there to users, and it should always be implicit from the version. Probably not. But that was a mistake I made long ago. Hopefully this discussion will help avoid such things this time. > > Note btw that this format is expected to be obsoleted by the > > policyrep work. Which format? The module format or the policy binary format? In either case we still need file(1) support. When someone gives me a disk containing a Debian/Etch or Fedora Core 5 filesystem in 2012 which has most files in /lost+found and asks me to recover data then the presence of magic entries will really help. -- russell@xxxxxxxxxxxx http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
