KaiGai Kohei wrote: > Joshua Brindle wrote: >> KaiGai Kohei wrote: >>> Joshua Brindle wrote: >>>> KaiGai Kohei wrote: >>>>> The attached patch for libsepol add suport for a new policy version >>>>> named as (MOD_)POLICYDB_VERSION_BOUNDARY. >>>>> Userspace hierarchy checks are reworked in this revision. >>>>> >> I'm seeing a couple problems. First when writing out the policy >> it doesn't seem to respect policyvers, I told it to generate >> a version 23 and it still made a 24. > > Are you saying a configuration of "policy-version = 23" at semanage.conf > is ignored? I could not reproduce it in my environment. > Could you tell me the steps to reproduce it? > > I injected several printf()'s, but it shows a proper policyvers > which reflects semanage.conf correctly. > >> Second it is failing to downgrade the 24 to 23 since my kernel doesn't support 24. > Err, ok. I'm getting inconsistent results now: [root@misterfreeze policy]# semodule -B SELinux: Could not load policy file /etc/selinux/targeted/policy/policy.23: Invalid argument /usr/sbin/load_policy: Can't load policy: Invalid argument libsemanage.semanage_reload_policy: load_policy returned error code 2. I'm not sure what is causing it but it is a different problem than I had before, I'll investigate and see what is going on. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.