From: qingtao.cao.au@gmail.com (Qingtao Cao) Date: Fri, 7 Jun 2013 14:35:54 +0800 Subject: [refpolicy] [PATCH 1/1] Remove the hard-coding of selinuxfs mountpoint In-Reply-To: <51B08ED6.9050604@tresys.com> References: <1369733330-12010-1-git-send-email-qingtao.cao.au@gmail.com> <51AF76E1.30304@tresys.com> <51B08ED6.9050604@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Thanks Chris! Your commit sure looks much elegant than mine :-) Cheers, Harry On Thu, Jun 6, 2013 at 9:29 PM, Christopher J. PeBenito < cpebenito@tresys.com> wrote: > On 06/06/13 00:29, Qingtao Cao wrote: > > Thanks Chris for your comments! Please check out the revised version > that uses sestatus. > > > > Now that the "selinux_mnt" string is initialized by libselinux and > sestatus has printed it out anyway, it would be relatively easier to > mainpulate sestatus result than touching the libselinux swig wrapper and > writing a relevant python. > > On second thought, since we only care about the selinuxfs location because > we want the policy version, we can just use the python bindings to get the > policy version and then not care about selinuxfs. I committed a patch that > does this. > > > > On Thu, Jun 6, 2013 at 1:35 AM, Christopher J. PeBenito < > cpebenito at tresys.com > wrote: > > > > On 05/28/13 05:28, Qingtao Cao wrote: > > > Remove the hard-coding of selinuxfs mountpoint in Rules.monolithic, > > > especially since it has been relocated to /sys/fs/. > > > > > > Signed-off-by: Qingtao Cao qingtao.cao.au at gmail.com>> > > > --- > > > Rules.monolithic | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/Rules.monolithic b/Rules.monolithic > > > index 7c4d035..acac675 100644 > > > --- a/Rules.monolithic > > > +++ b/Rules.monolithic > > > @@ -5,7 +5,8 @@ > > > > > > # determine the policy version and current kernel version if > possible > > > pv := $(shell $(CHECKPOLICY) -V |cut -f 1 -d ' ') > > > -kv := $(shell cat /selinux/policyvers) > > > +selinuxfs_mnt = $(shell mount | grep selinuxfs | cut -f 3 -d ' ') > > > +kv := $(shell cat $(selinuxfs_mnt)/policyvers) > > > > > > # dont print version warnings if we are unable to determine > > > # the currently running kernel's policy version > > > > I'd like to do something like this, but I don't think this way is > the best, as Gentoo, for example, has two mounts of selinuxfs (in /sys/fs/ > and / for compat). It seems like updating the selinuxconfig tool would be > best, but Fedora doesn't include it. We might have to grep it from > sestatus output. Or we could update the libselinux swig wrapper to export > selinux_mnt, so we could use a python script to find the mount point. > > > > -- > > Chris PeBenito > > Tresys Technology, LLC > > www.tresys.com | oss.tresys.com < > http://oss.tresys.com> > > > > > > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20130607/f7ff613a/attachment.html