On Thu, Jun 11, 2020 at 9:54 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote:
>
> On a SELinux disabled system the python call
> `selinux.security_policyvers()` will fail.
>
> Move the logic to find a binary policy from the python script
> `sepolgen-ifgen` to the C-helper `sepolgen-ifgen-attr-helper`.
> Change the helper command line interface to accept an optional policy
> path as second argument. If not given try the current loaded policy
> (`selinux_current_policy_path`) and if running on a SELinux disabled
> system iterate over the default store path appending policy versions
> starting at the maximum supported policy version
> (`sepol_policy_kern_vers_max`).
>
> This changes the helper command line interface from:
>     sepolgen-ifgen-attr-helper policy_file out_file
> to
>     sepolgen-ifgen-attr-helper out_file [policy_file]
> and adds a linkage to libselinux.
>
> Export LIBSELINUXA like LIBSEPOLA in the root Makefile

I don't think you need the static libselinux, just add -lselinux and use the shared library.

I would have added a -p policy_file optional argument via getopt(3) but no big deal either way.

I don't think selinux_binary_policy_path() ever returns a complete pathname so I'm not sure there is any point in testing it first without a version suffix at all?

You don't need to re-post the first two patches; those are already queued for merging.