On 09/23/2016 01:47 PM, Jason Zaman wrote: > On Fri, Sep 23, 2016 at 01:07:15PM -0400, Stephen Smalley wrote: >> On 09/22/2016 11:17 AM, Jason Zaman wrote: >>> Hi all, >>> >>> I finally got everything updated to use setools4. The most complicated parts >>> were sepolicy.search() and sepolicy.info() which were largely undocumented. I >>> dumped and diff'd the output from the old and new code so am fairly confident >>> that they are the same (barring some issues that setools3 appears to have with >>> cil). I also changed several places to just use setools directly, having the >>> indirection through search() mostly just complicates and slows things down. >>> >>> The first patch is just cleanup. Next imports and initializes setools. >>> Patches 3-4 update a lot of the users of search() and info() to work with the next >>> changes. >>> Patches 5-6 update search() and info() themselves and the last drops the C >>> module completely >>> >>> I dont know the status of setools4 on fedora (someone else will have to update >>> the README if needed) or others but I've added it masked in gentoo a fair while >>> ago. Once this patchset is merged we can finally get rid of setools3, its been >>> half-broken for a while now. >> >> AFAICT, setools4 is not packaged for Fedora yet. >> $ git clone https://github.com/TresysTechnology/setools >> $ cd setools >> $ git checkout 4.0 > $ python setup.py build_ext > > Try that to build the C module first before installing Thanks, that yielded a working sesearch at least. Unfortunately, I now get this with sepolicy with your patches applied, unless I am somehow still running the old version: $ sepolicy Traceback (most recent call last): File "/usr/bin/sepolicy", line 27, in <module> import sepolicy File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 7, in <module> from . import _policy ImportError: libapol.so.4: cannot open shared object file: No such file or directory This is after doing: $ sudo make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel in selinux with your patches applied. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
