On Jul 28, 2015 6:51 PM, "Yuli Khodorkovskiy" <ykhodorkovskiy@xxxxxxxxxx> wrote:
>
> Add --extract/-E, --cil/-c, and --hll/-H to extract modules. If -c/-H
> are not provided, the module will be output as HLL by default. Only
> --cil or --hll (which will use the lang_ext in the semodule store) are valid
> options to use with -E. The module is written to the current working directory
> as <module_name>.<lang_ext>.
>
> If a module exists as HLL and is exported as CIL, it will first compile into
> CIL and cache to the module store. Once compiled, exporting will
> continue.
>
Do we need an interface (CLI) for this? What is wrong with capturing the info from /var/lib/selinux?
I can't confirm from my phone, but I thought that semodule runs in its own domain. Support for writing files would mean that the domain needs additional writing privileges as well, possibly to a whole set of directories as you work with the current working directory.
Wkr,
Sven Vermeulen
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
