libsepol segfaults with typealias and typealiasactual

I have a typealias/typealiasactual in dssp2-standard at:

https://github.com/DefenSec/dssp2-standard/blob/master/policy/system/rpm.cil#L18

This *works*

However, now I want to additionally associate "unconfined.user.subj" with "rpm_script_t".
So I created a module:

echo "(typealiasesactual rpm_script_t unconfined.user.subj)" > mytest.cil && semodule -i mytest.cil
It returns (something along those lines):

"subj is not an alias"

However, it seems as though the module did install. I cannot think of any simple way to determine whether it works, as I cannot find any "seinfo --typealias" or sesearch "--typealiases".

Anyway, libsepol segfaults when I try to play more with this.

So I tried the following

(typeattribute rpm_script_aliases_type_attribute)
(typeattributeset rpm_script_aliases_type_attribute rpm.script.subj)
(typeattributeset rpm_script_aliases_type_attribute unconfined.user.subj)

(typealias rpm_script_t)
(typealiasactual rpm_script_t rpm_script_aliases_type_attribute)

This also returns incoherent messages, something like "invalid "." in ...", but it seems to install,

and after that everything just segfaults (libsepol), until I remove my local customizations.

I don't know a better way to explain this, but it looks to me like there's a serious bug in how typealiases are handled by libsepol:

https://www.youtube.com/watch?v=qe-vqieu2jg

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
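
A pre-install sanity check for modules like the two tried above, as an added example that is not part of the original message or of libsepol. It applies the CIL reference's rule that typealiasactual associates a declared typealias with a declared type; the function names and REBIND_CASE are constructed, and it only inspects flat top-level statements in the text it is given (no block namespaces, no view of the installed policy).

```python
import re
from collections import Counter

def parse_cil(text):
    """Parse CIL s-expressions into nested lists (';' comments stripped)."""
    tokens = re.findall(r"[()]|[^\s()]+", re.sub(r";[^\n]*", "", text))
    stack = [[]]
    for tok in tokens:
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def lint_typealiases(text):
    """Return findings for top-level typealiasactual statements."""
    stmts = [s for s in parse_cil(text)
             if isinstance(s, list) and s and all(isinstance(x, str) for x in s)]
    aliases = {s[1] for s in stmts if s[0] == "typealias" and len(s) == 2}
    attrs = {s[1] for s in stmts if s[0] == "typeattribute" and len(s) == 2}
    binds = [s for s in stmts if s[0] == "typealiasactual" and len(s) == 3]
    seen = Counter(s[1] for s in binds)
    findings = []
    for _, alias, actual in binds:
        if alias not in aliases:
            findings.append(f"{alias}: not declared with typealias in this input")
        if seen[alias] > 1:
            findings.append(f"{alias}: bound to more than one actual ({actual})")
        if actual in attrs:
            findings.append(f"{alias}: actual {actual} is a typeattribute, not a type")
    return findings

# The second snippet from the message, verbatim.
ATTR_CASE = """
(typeattribute rpm_script_aliases_type_attribute)
(typeattributeset rpm_script_aliases_type_attribute rpm.script.subj)
(typeattributeset rpm_script_aliases_type_attribute unconfined.user.subj)
(typealias rpm_script_t)
(typealiasactual rpm_script_t rpm_script_aliases_type_attribute)
"""
# Constructed: one alias bound to two types (the existing binding is assumed).
REBIND_CASE = ("(typealias rpm_script_t)(typealiasactual rpm_script_t rpm.script.subj)"
               "(typealiasactual rpm_script_t unconfined.user.subj)")
```

To lint a local module against the statements it depends on, pass the concatenated CIL text of both to `lint_typealiases`.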
