Re: (Userspace) AVC denial generated even if allowed by the policy?

On 11/23/2015 02:06 PM, Laurent Bigonville wrote:
> On 23/11/15 19:44, Stephen Smalley wrote:
>> On 11/23/2015 12:25 PM, Laurent Bigonville wrote:
>>> As you can see the results are different... So this seems to be
>>> a regression at the kernel level.
>>
>> Well, that depends - are you loading the same policy into both? What
>> do you have in /etc/selinux/targeted/policy?  A policy.29 and a
>> policy.30?  What does your libsepol/checkpolicy support?
>>
>> Or, alternatively, are you toggling cron_userdomain_transition and
>> thereby changing the result?
>
> It's the same policy loaded, for both kernel versions (I'm just choosing
> another kernel in grub), I only have one policy file.
>
> # ls /etc/selinux/refpolicy/policy/
> policy.29
>
> I've the latest released userspace (2.4), policydb.h shows max version
> being 29.
>
> The policyvers utility shows: 30 with 4.3 and 29 with 4.2

You are correct - this is a kernel bug. Hidden on Fedora because these rules are unconditional there...




