[redhat-lspp] libselinux get_default_context not working?
Wightman, Reid K Civ AFRL/IFEB
Reid.Wightman at rl.af.mil
Wed Jun 28 20:07:06 UTC 2006
Infinite apologies if this posts twice. *grumbles something about
MS-Exchange not being the best MTA*
I'm playing with the refpolicy (20060307 from sourceforge...is there a
redhat-blessed version of refpolicy w/source available?) and am noticing
some odd things in libselinux. When calling get_default_context('user_u',
NULL, &conref), the function eventually gets to get_context_list.c line 444
where it tries to open /etc/selinux/refpolicy/contexts/users/user_u . That
file doesn't exist.
I'm curious what the format of the file should be. I don't see anything by
the same name in the targeted or strict policies that come with FC5. As it
is, it eventually fails to order the reachable list it builds, so user_u is
shown as having a default context of user_u:user_r:user_xserver_t, which
probably isn't right, (it just happens to be the first entry on the
reachable contexts list). I'd think the default context for user_u in the
default refpolicy would be user_u:user_r:user_t...
Would it be worthwhile for me to play with the Makefile to automatically
generate some of these files? What stuff should the <user>_u files have in
them? Or shouldn't I be playing with refpolicy for policy analysis at this
point (or, as above, is there a redhat version somewhere)? I don't see a
'user_u' file in targeted o
r strict policies, either, so I'd guess that this same sort of thing would
happen in them?
Thanks,
Reid
--
() ascii ribbon campaign - against html mail
/\ - against proprietary attachments
More information about the redhat-lspp
mailing list