On Mon, Jun 15, 2020 at 11:08 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > On a SELinux disabled system the python call > `selinux.security_policyvers()` will fail. > > Move the logic to find a binary policy from the python script > `sepolgen-ifgen` to the C-helper `sepolgen-ifgen-attr-helper`. > Change the helper command line interface to accept an optional policy > path as second argument. If not given try the current loaded policy > (`selinux_current_policy_path`) and if running on a SELinux disabled > system iterate over the default store path appending policy versions > starting at the maximum supported policy version > (`sepol_policy_kern_vers_max`). > > This changes the helper command line interface from: > sepolgen-ifgen-attr-helper policy_file out_file > to > sepolgen-ifgen-attr-helper out_file [policy_file] > and adds a linkage to libselinux. > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
