From: kindloaf@gmail.com (Hong) Date: Thu, 28 Aug 2008 23:54:50 -0400 Subject: [refpolicy] Parsing Binary Ref Policy Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com I am trying to parse the refpolicy under ubuntu 8.04. I used /etc/selinux/refplicy/policy/policy.22. The size of the binary policy is about 360K(accurate size is 360296). Then I use "dispol" tool in checkpolicy to parse the policy. However I feel that the parsing result is not correct. There are many domains missing in the parse result. There is no htttpd domain, no ftpd domain... And the access vector really confuses me. For example, I think the domain insmod_t should be entered through insmod, rmmod, ... But from the policy, domain insmod_t has the entrypoint privilege over a lot of types: hplip_etc_t, lpd_tmp_t, proc_afs_t, pam_tmp_t, ... (there are more than 300 of them). Did I do anything wrong? And if I am getting the correct binary policy, why the entrypoint privilege is configure this way? Thanks. Hong -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20080828/4ebdb27b/attachment.html