On 01/09/2014 11:09 AM, Dominick Grift wrote: > On Thu, 2014-01-09 at 10:27 -0500, Steve Lawrence wrote: > >> Considering this patchset really only changes where modules are >> installed and the format of those modules, I suspect you're right that >> copying the targeted configuration is causing some issues. Plus the fact >> that the policy is based on old refpolicy and not fedora policy, I >> expected policy related issues. However, the main goal of this RFC was >> to determine if the CIL and Source policy integration is headed down the >> right path, and determine if there are any high level design flaws or >> any issues that need to be worked out for upstream integration to occur. >> If the only remaining issue is getting a system working in enforcing, I >> think we're okay with that. >> >> We'll continue to look into the issues you described and see if we can >> come up with fixes, but I suspect they are more policy/configuration >> related, and not problems with the patchset. >> >> Thanks! >> - Steve > > Alright, i understand. I do suspect this is more than just a simple > policy issue but i can't narrow it down at the moment. Login mappings > are missing one way or another, and that seems to break other things > like home dir context generation. Since semodule -B initiates all this i > would argue that semodule -B functionality for at least some part is > broken on way or another. > > I did do other tests and they seems to all pass. > > For example disabling and enabling modules: > > so for example: > > semodule -d irc (disabled it: confirmed with sesearch) > cd cilpolicy xargs -a LISTING semodule -i > (tells me that it will disable irc module after install because its set > disabled: confirmed with sesearch) > semodule -e irc (enables it again: confirmed with sesearch) > > Yes, looking into some more, I think you're right. There's a bug somewhere. Still looking into it. Thanks, - Steve _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
