Re: [RFC] CIL and Source Policy Integration


 



On Wed, 2014-01-08 at 15:44 -0500, Steve Lawrence wrote:

> Thanks, and we look forward to receiving your feedback.

I played with this a bit this morning. Followed all steps.

(it was missing some trivial instructions like install git, gcc and
bison) (no big deal but still might be worth mentioning for others)

You also may want to relabel the file system when all other steps are
done.

We are instructed to
"cp -r /etc/selinux/targeted/{contexts,seusers,setrans.conf} /etc/selinux/cil-test/"

Would be nice if we could get rid of the step because it introduces
inconsistency in the policy.

One really visible result is that for some reason files that are created
(using a non-mls cilpolicy as per instructions) end up mislabeled
because they are created without the mls attribute (for instance
without :s0). SELinux considers those invalid (unlabeled) even though it
is non-mls policy. The contexts we had to copy
from /etc/selinux/targeted are valid because existing objects (with :s0)
are fine. The problem is the objects that are created in a running system.

I will keep tinkering.


_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.



