On Mon, 2010-06-14 at 10:57 -0400, Stephen Smalley wrote:
> On Fri, 2010-06-11 at 12:37 -0400, Eric Paris wrote:
> > There is interest in being able to see what the actual policy is that was
> > loaded into the kernel. The patch creates a new selinuxfs file
> > /selinux/policy which can be read by userspace. The actual policy that is
> > loaded into the kernel will be written back out to userspace.
>
> How do you expect this to be used? As with /selinux/load, we can't use
> coreutils utilities to manipulate it unfortunately. Nor can we do
> things like checkpolicy -b /selinux/policy since it doesn't support
> mmap.

It doesn't seem useful if I can't do things like:

    seinfo /selinux/policy
    cmp /selinux/policy /etc/selinux/$SELINUXTYPE/policy/policy.24
    sediff /selinux/policy \; /etc/selinux/$SELINUXTYPE/policy/policy.24

--
Stephen Smalley
National Security Agency