From: qingtao.cao.au@gmail.com (Qingtao Cao) Date: Thu, 6 Jun 2013 12:29:44 +0800 Subject: [refpolicy] [PATCH 1/1] Remove the hard-coding of selinuxfs mountpoint In-Reply-To: <51AF76E1.30304@tresys.com> References: <1369733330-12010-1-git-send-email-qingtao.cao.au@gmail.com> <51AF76E1.30304@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Thanks Chris for your comments! Please check out the revised version that uses sestatus. Now that the "selinux_mnt" string is initialized by libselinux and sestatus has printed it out anyway, it would be relatively easier to mainpulate sestatus result than touching the libselinux swig wrapper and writing a relevant python. Thanks, Harry On Thu, Jun 6, 2013 at 1:35 AM, Christopher J. PeBenito < cpebenito@tresys.com> wrote: > On 05/28/13 05:28, Qingtao Cao wrote: > > Remove the hard-coding of selinuxfs mountpoint in Rules.monolithic, > > especially since it has been relocated to /sys/fs/. > > > > Signed-off-by: Qingtao Cao > > --- > > Rules.monolithic | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/Rules.monolithic b/Rules.monolithic > > index 7c4d035..acac675 100644 > > --- a/Rules.monolithic > > +++ b/Rules.monolithic > > @@ -5,7 +5,8 @@ > > > > # determine the policy version and current kernel version if possible > > pv := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > > -kv := $(shell cat /selinux/policyvers) > > +selinuxfs_mnt = $(shell mount | grep selinuxfs | cut -f 3 -d ' ') > > +kv := $(shell cat $(selinuxfs_mnt)/policyvers) > > > > # dont print version warnings if we are unable to determine > > # the currently running kernel's policy version > > I'd like to do something like this, but I don't think this way is the > best, as Gentoo, for example, has two mounts of selinuxfs (in /sys/fs/ and > / for compat). It seems like updating the selinuxconfig tool would be > best, but Fedora doesn't include it. We might have to grep it from > sestatus output. Or we could update the libselinux swig wrapper to export > selinux_mnt, so we could use a python script to find the mount point. > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20130606/4e1c971f/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-Remove-the-hard-coding-of-selinuxfs-mountpoint.patch Type: application/octet-stream Size: 1087 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20130606/4e1c971f/attachment.obj