I am trying to set/get file SELinux contexts using the set/getfilecon programs. I added debug prints in the kernel to track code flow. I notice that although setfilecon succeeds on a given file, a subsequent call to getfilecon on the same file returns the string "kernel" irrespective of the context that was set using setfilecon. On any other file whose context is not set yet, getfilecon properly returns the string "unlabeled".
I suspect the inode struct in the kernel is not being updated properly after a setxattr call. Has anyone else faced a similar problem? I am working on Android's Nexus One phone.
Thanks,
Bhargava
On Fri, Nov 11, 2011 at 12:33 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote:
> Don't set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX, and then you
> don't need to set a value at all. The only purpose of the option is to
> force the kernel to report an older version than it truly supports, and
> that was only to deal with a compatibility issue in Fedora 2/3.
This somehow slipped my mind. Thanks, problem solved.
Regards,
Bhargava Shastry
--
Bhargava Shastry