From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 6 Jun 2013 09:29:58 -0400
Subject: [refpolicy] [PATCH 1/1] Remove the hard-coding of selinuxfs
	mountpoint
In-Reply-To: <CAPcThSHHRHT7GCxUdQUb85bt58M6O5PXPXv4k0kn5ZuYpOPOrQ@mail.gmail.com>
References: <1369733330-12010-1-git-send-email-qingtao.cao.au@gmail.com>
	<51AF76E1.30304@tresys.com>
	<CAPcThSHHRHT7GCxUdQUb85bt58M6O5PXPXv4k0kn5ZuYpOPOrQ@mail.gmail.com>
Message-ID: <51B08ED6.9050604@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/06/13 00:29, Qingtao Cao wrote:
> Thanks Chris for your comments! Please check out the revised version that uses sestatus.
> 
> Now that the "selinux_mnt" string is initialized by libselinux and sestatus has printed it out anyway, it would be relatively easier to mainpulate sestatus result than touching the libselinux swig wrapper and writing a relevant python.

On second thought, since we only care about the selinuxfs location because we want the policy version, we can just use the python bindings to get the policy version and then not care about selinuxfs.  I committed a patch that does this.


> On Thu, Jun 6, 2013 at 1:35 AM, Christopher J. PeBenito <cpebenito at tresys.com <mailto:cpebenito@tresys.com>> wrote:
> 
>     On 05/28/13 05:28, Qingtao Cao wrote:
>     > Remove the hard-coding of selinuxfs mountpoint in Rules.monolithic,
>     > especially since it has been relocated to /sys/fs/.
>     >
>     > Signed-off-by: Qingtao Cao <qingtao.cao.au at gmail.com <mailto:qingtao.cao.au@gmail.com>>
>     > ---
>     >  Rules.monolithic | 3 ++-
>     >  1 file changed, 2 insertions(+), 1 deletion(-)
>     >
>     > diff --git a/Rules.monolithic b/Rules.monolithic
>     > index 7c4d035..acac675 100644
>     > --- a/Rules.monolithic
>     > +++ b/Rules.monolithic
>     > @@ -5,7 +5,8 @@
>     >
>     >  # determine the policy version and current kernel version if possible
>     >  pv := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ')
>     > -kv := $(shell cat /selinux/policyvers)
>     > +selinuxfs_mnt = $(shell mount | grep selinuxfs | cut -f 3 -d ' ')
>     > +kv := $(shell cat $(selinuxfs_mnt)/policyvers)
>     >
>     >  # dont print version warnings if we are unable to determine
>     >  # the currently running kernel's policy version
> 
>     I'd like to do something like this, but I don't think this way is the best, as Gentoo, for example, has two mounts of selinuxfs (in /sys/fs/ and / for compat).  It seems like updating the selinuxconfig tool would be best, but Fedora doesn't include it.  We might have to grep it from sestatus output.  Or we could update the libselinux swig wrapper to export selinux_mnt, so we could use a python script to find the mount point.
> 
>     --
>     Chris PeBenito
>     Tresys Technology, LLC
>     www.tresys.com <http://www.tresys.com> | oss.tresys.com <http://oss.tresys.com>
> 
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com