On 09/23/2016 02:15 PM, Stephen Smalley wrote: > On 09/23/2016 01:47 PM, Jason Zaman wrote: >> On Fri, Sep 23, 2016 at 01:07:15PM -0400, Stephen Smalley wrote: >>> On 09/22/2016 11:17 AM, Jason Zaman wrote: >>>> Hi all, >>>> >>>> I finally got everything updated to use setools4. The most complicated parts >>>> were sepolicy.search() and sepolicy.info() which were largely undocumented. I >>>> dumped and diff'd the output from the old and new code so am fairly confident >>>> that they are the same (barring some issues that setools3 appears to have with >>>> cil). I also changed several places to just use setools directly, having the >>>> indirection through search() mostly just complicates and slows things down. >>>> >>>> The first patch is just cleanup. Next imports and initializes setools. >>>> Patches 3-4 update a lot of the users of search() and info() to work with the next >>>> changes. >>>> Patches 5-6 update search() and info() themselves and the last drops the C >>>> module completely >>>> >>>> I dont know the status of setools4 on fedora (someone else will have to update >>>> the README if needed) or others but I've added it masked in gentoo a fair while >>>> ago. Once this patchset is merged we can finally get rid of setools3, its been >>>> half-broken for a while now. >>> >>> AFAICT, setools4 is not packaged for Fedora yet. >>> $ git clone https://github.com/TresysTechnology/setools >>> $ cd setools >>> $ git checkout 4.0 >> $ python setup.py build_ext >> >> Try that to build the C module first before installing > > Thanks, that yielded a working sesearch at least. Unfortunately, I now > get this with sepolicy with your patches applied, unless I am somehow > still running the old version: > $ sepolicy > Traceback (most recent call last): > File "/usr/bin/sepolicy", line 27, in <module> > import sepolicy > File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line > 7, in <module> > from . import _policy > ImportError: libapol.so.4: cannot open shared object file: No such file > or directory > > This is after doing: > $ sudo make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel > in selinux with your patches applied. Never mind - had to remove a file leftover from the older version (apparently the name changed?). _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
