Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sepolgen-ifgen: refactor default policy path retrieval
On a SELinux disabled system the python call `selinux.security_policyvers()` will fail. Move the logic to find a binary policy from the python script `sepolgen-ifgen` to the C-helper `sepolgen-ifgen-attr-helper`. Change the helper command line interface to accept an optional policy path as second argument. If not given try the current loaded policy (`selinux_current_policy_path`) and if running on a SELinux disabled system iterate over the default store path appending policy versions starting at the maximum supported policy version (`sepol_policy_kern_vers_max`). This changes the helper command line interface from: sepolgen-ifgen-attr-helper policy_file out_file to sepolgen-ifgen-attr-helper out_file [policy_file] and adds a linkage to libselinux. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
- Loading branch information
1 parent
c40c4e4
commit 4613038
Showing
3 changed files
with
39 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters