From: SourceForge.net <no...@so...> - 2006-11-30 14:59:28
Bugs item #1606103, was opened at 2006-11-30 09:59
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=121266&aid=1606103&group_id=21266

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.

Category: libsemanage
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Karl MacMillan (kmacmillan)
Assigned to: Karl MacMillan (kmacmillan)
Summary: Semanage cannot export changes

Initial Comment:
Stephen Smalley wrote:
> On Wed, 2006-11-29 at 18:41 -0500, Steve Friedman wrote:
>> The various GUI tools are nice for getting a policy configured correctly;
>> however, to propagate this configuration to a series of like modified
>> machines one runs into a speed bump.
>>
>> The files (e.g., booleans.local) state that the semanage command should be
>> used to modify the file; however, via the GUI I am blissfully unaware of
>> the actual commands (and would like to remain so).
>>
>> But, it would seem that it should be perfectly legal to propagate the
>> various ".local" files directly. If this is legal, what commands must be
>> issued to cause selinux to read the various policy updates? If this isn't
>> legal, then what means can be used to propagate the policy?
>
> I don't think it is "legal" in the sense that those files are the
> private state of libsemanage and are only supposed to be manipulated via
> the libsemanage interfaces by programs like semodule, semanage and
> setsebool. libsemanage will ultimately support other backends beyond
> just the current direct access to the local file store, such as access
> to local and ultimately remote policy management daemons.
>
> However, I'm not sure that there is a good mechanism at present to do
> what you want in a "legal" way (Joshua or Karl feel free to contradict
> me if there is). If you do simply copy them over using your favorite
> utility for doing so, you can run semodule -B on the target machine to
> force a rebuild and reload of the kernel policy from the updated policy
> store there. Not sure if that is exported through any GUI at present.