On 07/14/14 18:50, Stephen Smalley wrote:
On 07/13/2014 03:38 AM, dE wrote:
Except when deleting and adding modules (when the main policy binary
changes; did a checksum to verify that), where are other changes which
semanage makes (like change boolean values, users, port, interface,
node) stored?
Ultimately all of the changes you listed have to be stored in the kernel
policy binary since they are part of the kernel policy (unlike, for
example, semanage fcontext or login mappings). However, they are also
kept in separate configuration files under
/etc/selinux/$SELINUXTYPE/modules/active and merged into the generated
kernel policy after linking and expanding the policy modules together.
Non-kernel configurations such as fcontext or login mappings are stored
in their own respective files, e.g. file_contexts.local and seusers.
Yes, semodule -B merges those changes making active directory empty.
However, semange still remembers the changes it made (using -E).
Thanks for the clarification.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
