[redhat-lspp] Re: Rawhide LSPP test kernels, GIT tree.

Stephen Smalley sds at tycho.nsa.gov
Tue Nov 8 14:58:50 UTC 2005


On Tue, 2005-11-08 at 09:53 -0500, Steve Grubb wrote:
> The real issue, to me, is the "Multiple same specifications" message. There is 
> also a message for "Multiple different specifications". The roles database is 
> the SE Linux policy files. I think the above multiple messages indicate a 
> corrupted database.

I'd have to see exactly how "roles database" is defined, but I'm
skeptical that it includes the file labels.  File contexts is just a
specification of how to apply file labels; it isn't even runtime policy
per se.

> The function process_line in matchpathcon.c detects a lot of errors and 
> appears to skip those entries. I don't think that is the correct error action 
> for LSPP systems.

Perhaps (see above), but if so, the application using matchpathcon can
always register its own invalidcon callback (as is done by setfiles) and
handle the error as it desires (i.e. exiting).  Or a separate callback
could be provided that allows propagation of a return value up the call
chain.

-- 
Stephen Smalley
National Security Agency
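
The two error policies discussed in the message above, as an added example that is not part of the original post and is not libselinux code: a self-contained C model in which a loader skips invalid entries by default, and a registered callback turns the same error into a failure that propagates to the caller. All names (set_invalid_cb, load_specs, strict_invalid) and the sample entries are hypothetical.

```c
#include <stdio.h>

/* Hypothetical model of the pattern; none of these names are libselinux's. */
typedef int (*invalid_cb)(const char *path, unsigned lineno, const char *line);
static invalid_cb on_invalid;            /* NULL: default, warn and skip */
static void set_invalid_cb(invalid_cb f) { on_invalid = f; }

/* Constructed validity rule: a context needs at least user:role:type. */
static int context_ok(const char *ctx) {
    int colons = 0;
    for (; *ctx; ctx++)
        if (*ctx == ':') colons++;
    return colons >= 2;
}

/* Returns the number of entries loaded, or -1 if the callback rejected one. */
static int load_specs(const char *path, const char *const *lines, unsigned n) {
    int loaded = 0;
    for (unsigned i = 0; i < n; i++) {
        char regex[128], ctx[128];
        if (sscanf(lines[i], "%127s %127s", regex, ctx) == 2 && context_ok(ctx)) {
            loaded++;
            continue;
        }
        if (on_invalid && on_invalid(path, i + 1, lines[i]) != 0)
            return -1;                   /* propagate up the call chain */
        fprintf(stderr, "%s:%u: invalid entry skipped\n", path, i + 1);
    }
    return loaded;
}

/* Fail-closed callback: report and make the whole load fail. */
static int strict_invalid(const char *path, unsigned lineno, const char *line) {
    fprintf(stderr, "%s:%u: rejecting \"%s\"\n", path, lineno, line);
    return -1;
}

/* Constructed sample input; the second entry has a malformed context. */
static const char *const SAMPLE[] = {
    "/etc(/.*)? system_u:object_r:etc_t",
    "/bin(/.*)? system_u:object_r",
    "/var(/.*)? system_u:object_r:var_t",
};

static int demo_lenient(void) { set_invalid_cb(NULL); return load_specs("file_contexts", SAMPLE, 3); }
static int demo_strict(void) { set_invalid_cb(strict_invalid); return load_specs("file_contexts", SAMPLE, 3); }

int main(void) {
    printf("lenient=%d strict=%d\n", demo_lenient(), demo_strict());
    return 0;
}
```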
