Stephen Smalley <stephen.smalley.work@xxxxxxxxx> writes: > On Fri, Mar 31, 2023 at 8:37 AM Petr Lautrbach <lautrbach@xxxxxxxxxx> wrote: >> >> Hi, >> >> I've got a question what is `sesearch --neverallow` good for and how to >> make it work. I wasn't able to get any output from this command. >> >> Is it supposed to work with current userspace and policies? How? > > I don't see how it could work. neverallow rules aren't preserved in > the kernel policies. > It would only make sense if sesearch could be run on source policies or modules. Which according to `man sesearch` is possible, but only monolithic policy.conf. -- gpg --locate-keys dominick.grift@xxxxxxxxxxx Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098 Dominick Grift
