On Mon, 2010-07-26 at 15:34 -0400, Eric Paris wrote:
> There is interest in being able to see what the actual policy is that was
> loaded into the kernel. The patch creates a new selinuxfs file
> /selinux/policy which can be read by userspace. The actual policy that is
> loaded into the kernel will be written back out to userspace.

Can you clarify exactly how comparable the output is to the original policy file that was loaded? Last time you mentioned range transition rules may be reordered, KaiGai mentioned that ebitmaps might not be identical after conversion (losing the original startbit), and Chris pointed out that sediff isn't sufficient for comparison as it doesn't yet handle constraints.

> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>

--
Stephen Smalley
National Security Agency