Re: [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp

[Joshua Brindle <method@xxxxxxxxxxxxxxx>]

Stephen Smalley wrote:
> On Fri, 2010-01-08 at 15:51 -0500, Joshua Brindle wrote:
> > Joshua Brindle wrote:
> > > Stephen Smalley wrote:
> > > > On Fri, 2010-01-08 at 15:19 -0500, Joshua Brindle wrote:
> > <snip>
> > > oops, I foolishly scanned looking for policy.kern.
> > No, it is worse than that, I wasn't actually running the code I was
> > claiming to (as evidenced by the priority level and hll files)
> >
> > Up to patch 4 my /var/lib/selinux now looks like this:
> >
> > [root@F12 active]# find /var/lib/selinux/
> > /var/lib/selinux/
> > /var/lib/selinux/targeted
> > /var/lib/selinux/targeted/semanage.read.LOCK
> > /var/lib/selinux/targeted/semanage.trans.LOCK
> > /var/lib/selinux/targeted/active
> > /var/lib/selinux/targeted/active/modules
> > /var/lib/selinux/targeted/active/modules/abrt.pp
> > /var/lib/selinux/targeted/active/modules/ada.pp
> > ...
> > /var/lib/selinux/targeted/active/modules/xguest.pp
> > /var/lib/selinux/targeted/active/modules/zabbix.pp
> > /var/lib/selinux/targeted/active/modules/zebra.pp
> > /var/lib/selinux/targeted/active/modules/zosremote.pp
> > /var/lib/selinux/targeted/active/base.pp
> > /var/lib/selinux/targeted/active/file_contexts.template
> > /var/lib/selinux/targeted/active/homedir_template
> > /var/lib/selinux/targeted/active/users_extra
> > /var/lib/selinux/targeted/active/commit_num
> > /var/lib/selinux/tmp
> >
> >
> > so I don't have any final files in targeted anymore, though I didn't try
> > to stop semodule half-way and look in tmp.
>
> I haven't tried only up through patch 4, only with all 13 patches
> applied.
>
> Also, I have all Fedora policies installed (yum install
> selinux-policy*), so I have mls, targeted, and minimum, although
> targeted is the active one.

Are you running the migrate script? I believe it is erroneously copying 
final files into the store:

+	# List of paths that go in the active 'root'
+	TOPPATHS = [
+		"file_contexts",
+		"homedir_template",
+		"file_contexts.template",
+		"commit_num",
+		"ports.local",
+		"interfaces.local",
+		"nodes.local",
+		"booleans.local",
+		"file_contexts.local",
+		"seusers",
+		"users.local",
+		"users_extra.local",
+		"seusers.final",
+		"users_extra",
+		"netfilter_contexts",
+		"file_contexts.homedirs",
+		"disable_dontaudit" ]
+

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.