> I see, looks good then.
>
> Acked-by: Steve Lawrence <slawrence@xxxxxxxxxx>
>
> Merged as of libselinux to 2.0.99
>
Thanks for your review.

I also submitted the following patch:
  http://marc.info/?l=selinux&m=129429839717037&w=2

The db_language class represents procedural languages (such as pl/pgsql, ...)
which has already got into refpolicy, so please add this support to libselinux also.

Thanks,
--
NEC Europe Ltd, Global Competence Center
KaiGai Kohei <kohei.kaigai@xxxxxxxxxx>

> -----Original Message-----
> From: Steve Lawrence [mailto:slawrence@xxxxxxxxxx]
> Sent: 1. März 2011 17:54
> To: Kohei KaiGai
> Cc: Kohei Kaigai; SELinux-NSA
> Subject: Re: libselinux: add selinux_status_* interfaces for /selinux/status
>
> On 02/11/2011 04:09 PM, Kohei KaiGai wrote:
> >> The patch looks okay to me, but I'm seeing unexpected behavior with the
> >> selinux_status_policyload(). For example, when running your sample
> >> status.c code, I get the following (I'm just calling load_policy after
> >> each line is printed):
> >>
> >> # ./status
> >> -- selinux kernel status page --
> >> policyload = 0, enforcing = 1, deny_unknown = 0
> >> policyload = 2, enforcing = 1, deny_unknown = 0
> >> policyload = 3, enforcing = 1, deny_unknown = 0
> >> policyload = 4, enforcing = 1, deny_unknown = 0
> >>
> >> policyload jumps from 0 to 2 when reloading policy the first time, but
> >> all other policy loads after that are incremented by 1, as expected. And
> >> it doesn't matter if it's using mmap or falls back to netlink. Same
> >> behavior in both cases.
> >>
> >> It doesn't look like the problem is in this patch, so I'm guessing this
> >> is a problem in the kernel? Or am I missing something and this is the
> >> correct behavior?
> >>
> > It is a specification, not a problem. :-)
> >
> > See the manpage part of the patch. It says ...
> >
> > | +.BR selinux_status_policyload
> > | +returns times of policy reloaded on the running system, or -1 on error.
> > | +Note that it is not a reliable value on fallback-mode until it receive
> > | +the first event message via netlink socket.
> > | +Thus, don't use this value to know actual times of policy reloaded.
> >
> > When we use this interface with fallback mode, it opens a netlink socket
> > to receive messages from the kernel space.
> > The message packet will deliver userspace number of policy reloaded,
> > so it also means application cannot know the information until it receives
> > the first message packet.
> >
> > As the manpage says, our recommendable usage of selinux_status_policyload()
> > on fall-back mode is detection of the policy reloaded event, not knowing
> > the actual number of policy reloaded in the system.
> >
> > Of course, when /selinux/status is available, this interface always returns
> > the correct number.
> >
> > Thanks,
>
> I see, looks good then.
>
> Acked-by: Steve Lawrence <slawrence@xxxxxxxxxx>
>
> Merged as of libselinux to 2.0.99
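Review bot: In the man page hunk, the selinux_status_policyload entry opens with "returns times of policy reloaded", which reads as an absolute count even though the following lines say the value is not reliable in fallback mode. Suggest rewording the first sentence to "returns the number of times the policy has been reloaded" and stating directly that in fallback mode the value should only be compared against a previously returned value to detect a reload. The same entry has "until it receive", which should be "until it receives".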
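The usage recommended in the reply above (treat the selinux_status_policyload() value as a change indicator, not as a count) can be sketched as follows; this is an added example, not code from the thread or from libselinux. The names reload_watch_* and sample_policyload are hypothetical, and the counter source is passed as a function pointer so the block builds without libselinux; a real caller would pass selinux_status_policyload after a successful selinux_status_open(1).

```c
#include <stdio.h>

/* Same signature as libselinux's selinux_status_policyload(). */
typedef int (*policyload_fn)(void);

/* Hypothetical helper, not part of libselinux. */
struct reload_watch {
    policyload_fn read_counter;
    int last;    /* last value read; meaningful once primed is set */
    int primed;  /* has a baseline been taken? */
    int events;  /* counter changes observed since the baseline */
};

void reload_watch_init(struct reload_watch *w, policyload_fn fn)
{
    w->read_counter = fn;
    w->last = w->primed = w->events = 0;
}

/* Returns 1 on change since the last good read, 0 if unchanged, -1 on error. */
int reload_watch_poll(struct reload_watch *w)
{
    int now = w->read_counter();
    if (now < 0)
        return -1;                 /* error: keep the old baseline */
    if (!w->primed) {              /* first good read is only a baseline */
        w->last = now;
        w->primed = 1;
        return 0;
    }
    if (now == w->last)
        return 0;
    w->last = now;                 /* compare for change, never for value */
    w->events++;
    return 1;
}

/* Constructed sample: values from the thread's output plus an error and a repeat. */
static const int sample[] = { 0, 2, -1, 3, 3, 4 };
static int sample_pos;
int sample_policyload(void) { return sample[sample_pos++]; }

int main(void)
{
    struct reload_watch w;
    reload_watch_init(&w, sample_policyload);
    for (int i = 0; i < 6; i++)
        printf("poll %d -> %d\n", i, reload_watch_poll(&w));
    return 0;
}
```

On the sample sequence the watcher reports three reload events while the raw counter ends at 4, which is the mismatch discussed in the thread.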