selinux prelink avc's (broken paths in policy?)
Daniel J Walsh
dwalsh at redhat.com
Fri May 26 14:21:07 UTC 2006
Christopher Ashworth wrote:
> On Wed, 2006-05-24 at 12:56 -0400, Christopher Ashworth wrote:
>
>> On Wed, 2006-05-24 at 16:38 +0100, Paul Howarth wrote:
>>
>>> So if "semanage fcontext -l" doesn't produce an ordered listing, is
>>> there any way from userland to get one, one that encompasses both the
>>> base policy and any added modules or context objects added using semanage?
>>>
>> I don't know the definitive answer on a userland tool. semanage
>> fcontext -l appears to just be calling libsemanage, which is in turn
>> using Ivan's database functions to list the objects (in this case, the
>> fcontext objects). I'll try to track down what happens between the
>> file_contexts file and the listing.
>>
>
> I had a chance to take another look at this this morning.
>
> In semanage (seobject.py, specifically), the list of file contexts being
> retrieved via semanage_fcontext_list is in the correct order. However,
> it is transfered to a dictionary and printed out by iterating over the
> keys of the dictionary.
>
> Changing this will allow semanage to report the file contexts in the
> original order.
>
> Christopher
>
Ok I updated policycoreutils to use a list instead of a dictionary so
the order is maintained.
More information about the fedora-selinux-list
mailing list