On Mon, 2010-06-14 at 11:24 -0400, Eric Paris wrote: > On Mon, 2010-06-14 at 10:57 -0400, Stephen Smalley wrote: > > On Fri, 2010-06-11 at 12:37 -0400, Eric Paris wrote: > > > There is interest in being able to see what the actual policy is that was > > > loaded into the kernel. The patch creates a new selinuxfs file > > > /selinux/policy which can be read by userspace. The actual policy that is > > > loaded into the kernel will be written back out to userspace. > > > > How do you expect this to be used? As with /selinux/load, we can't use > > coreutils utilities to manipulate it unfortunately. Nor can we do > > things like checkpolicy -b /selinux/policy since it doesn't support > > mmap. > > I used my own program to pull it out to a file and poke it after it was > out. I can certainly take a look at generating the policy on open() > which would allow us to support ppos easily (and maybe mmap, but I've > never written an mmap handler) Hmm...the resulting policy.from.kern doesn't match the binary policy file that was loaded, nor is it a well-formed policy. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
