On Fri, 2010-01-08 at 16:02 -0500, Joshua Brindle wrote:
> Stephen Smalley wrote:
> > On Fri, 2010-01-08 at 15:51 -0500, Joshua Brindle wrote:
> >> Joshua Brindle wrote:
> >>>
> >>> Stephen Smalley wrote:
> >>>> On Fri, 2010-01-08 at 15:19 -0500, Joshua Brindle wrote:
> >> <snip>
> >>> oops, I foolishly scanned looking for policy.kern.
> >>>
> >> No, it is worse than that, I wasn't actually running the code I was
> >> claiming to (as evidenced by the priority level and hll files)
> >>
> >> Up to patch 4 my /var/lib/selinux now looks like this:
> >>
> >> [root@F12 active]# find /var/lib/selinux/
> >> /var/lib/selinux/
> >> /var/lib/selinux/targeted
> >> /var/lib/selinux/targeted/semanage.read.LOCK
> >> /var/lib/selinux/targeted/semanage.trans.LOCK
> >> /var/lib/selinux/targeted/active
> >> /var/lib/selinux/targeted/active/modules
> >> /var/lib/selinux/targeted/active/modules/abrt.pp
> >> /var/lib/selinux/targeted/active/modules/ada.pp
> >> ...
> >> /var/lib/selinux/targeted/active/modules/xguest.pp
> >> /var/lib/selinux/targeted/active/modules/zabbix.pp
> >> /var/lib/selinux/targeted/active/modules/zebra.pp
> >> /var/lib/selinux/targeted/active/modules/zosremote.pp
> >> /var/lib/selinux/targeted/active/base.pp
> >> /var/lib/selinux/targeted/active/file_contexts.template
> >> /var/lib/selinux/targeted/active/homedir_template
> >> /var/lib/selinux/targeted/active/users_extra
> >> /var/lib/selinux/targeted/active/commit_num
> >> /var/lib/selinux/tmp
> >>
> >>
> >> so I don't have any final files in targeted anymore, though I didn't try
> >> to stop semodule half-way and look in tmp.
> >
> > I haven't tried only up through patch 4, only with all 13 patches
> > applied.
> >
> > Also, I have all Fedora policies installed (yum install
> > selinux-policy*), so I have mls, targeted, and minimum, although
> > targeted is the active one.
> >
> > Are you running the migrate script? I believe it is erroneously copying
> final files into the store:
>
> + # List of paths that go in the active 'root'
> + TOPPATHS = [
> + "file_contexts",
> + "homedir_template",
> + "file_contexts.template",
> + "commit_num",
> + "ports.local",
> + "interfaces.local",
> + "nodes.local",
> + "booleans.local",
> + "file_contexts.local",
> + "seusers",
> + "users.local",
> + "users_extra.local",
> + "seusers.final",
> + "users_extra",
> + "netfilter_contexts",
> + "file_contexts.homedirs",
> + "disable_dontaudit" ]
> +
>

That does appear to be the case. When I remove the final files, they do
not reappear after I rebuild the policy.

> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.

-- 
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
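
Review bot: TOPPATHS in the quoted hunk lists "file_contexts", "file_contexts.homedirs", "netfilter_contexts" and "seusers.final" alongside the template and "*.local" entries, with nothing in the list or its comment marking which files are inputs to the store and which are rebuilt outputs. Those four look like the final files the thread reports being copied into the store, and none of them appear under active/ in the find listing quoted earlier in this message. Consider dropping them from the list, or splitting TOPPATHS into two lists with a comment on each stating whether the migration should copy the file or leave it to be regenerated on the next rebuild.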