On 10/14/2015 09:34 AM, Dominick Grift wrote:
I had some issue that just confused me (to say the least) It seems that I have now solved this. There were two policy.X files in my /etc/selinux/SELINUXTYPE/policy dir, on 29 an one 30. The 29 seemingly had a bug in it. It seems that load_policy (or its libselinux equivalent) defaults to the lowest policy available (29 instead of 30 in this case) Why is that? I fixed the issue by removing the policy.29 file (i think at least)
What policy versions were supported by your kernel (cat /sys/fs/selinux/policyvers) and by your libsepol (checkpolicy -V)?
load_policy will try to use the highest policy version that is supported by the kernel or by your libsepol. If supported by the kernel, it can just load the file directly. Otherwise, it can use libsepol to downgrade the policy to the highest version supported by the kernel and then load the result. If the version is not supported by either the kernel or your libsepol, then it cannot be loaded and it will fall back to an older version.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
