On 10/14/2016 02:52 PM, Dominick Grift wrote:
> On 10/14/2016 07:40 PM, Stephen Smalley wrote:
>> When a non-MLS policy was used with genhomedircon
>> context_from_record() in sepol would report an error because an
>> MLS level was present when MLS is disabled. Based on a patch by
>> Gary Tierney, amended to use sepol_policydb_mls_enabled rather
>> than semanage_mls_enabled because we are testing the temporary
>> working policy, not the active policy.
>>
>> Reported-by: Jason Zaman <jason@xxxxxxxxxxxxx> Signed-off-by:
>> Stephen Smalley <sds@xxxxxxxxxxxxx> ---
>> libsemanage/src/genhomedircon.c | 6 +++++- 1 file changed, 5
>> insertions(+), 1 deletion(-)
>>
>> diff --git a/libsemanage/src/genhomedircon.c
>> b/libsemanage/src/genhomedircon.c index 6991fff..5e9d722 100644
>> --- a/libsemanage/src/genhomedircon.c +++
>> b/libsemanage/src/genhomedircon.c @@ -638,7 +638,11 @@ static int
>> write_contexts(genhomedircon_settings_t *s, FILE *out, goto
>> fail; }
>>
>> - if (sepol_context_set_user(sepolh, context, user->sename) < 0
>> || + if (sepol_context_set_user(sepolh, context, user->sename) <
>> 0) { + goto fail; + } + + if
>> (sepol_policydb_mls_enabled(s->policydb) &&
>> sepol_context_set_mls(sepolh, context, user->level) < 0) { goto
>> fail; }
>>
>
> I could not get this to work:
>
> libsemanage.validate_handler: seuser mapping [kcinimod ->
> (wheel.id, s0-s0:c0.c1023)] is invalid (No such file or
> directory). libsemanage.dbase_llist_iterate: could not iterate over
> records (No such file or directory) semodule: failed!

I don't see what that error has to do with the patch in question. Is this a separate problem with using non-MLS policies?
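
Review bot: the new combined condition in write_contexts(), `sepol_policydb_mls_enabled(s->policydb) && sepol_context_set_mls(sepolh, context, user->level) < 0`, has no comment explaining why the level is skipped or why `s->policydb` is consulted instead of `semanage_mls_enabled`. That reasoning (the check must run against the temporary working policy, not the active one) lives only in the commit message. A one-line comment above the check would stop a later cleanup from swapping in a test against the active policy. The condition also mixes a feature predicate with an error check on one long line. Nesting the `sepol_context_set_mls` call inside an `if (sepol_policydb_mls_enabled(s->policydb))` block would make it clearer that the `goto fail` is tied only to the setter failing.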