|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Sounds to me like you never loaded a policy. I'd bet you are getting
inside the if (!ss_initialized) section of
security_sid_to_context_core. You have to load a policy before you
can properly set and retrieve labels.
On Wed, Nov 16, 2011 at 1:15 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote:
> Hi again,
> I am trying to set/get file SELinux contexts using the set/getfilecon
> programs. I added debug prints in the kernel to track code flow. I notice
> that although setfilecon succeeds on a given file, a subsequent call to
> getfilecon on the same file returns the string "kernel" irrespective of the
> context that was set using setfilecon. On any other file whose context is
> not set yet, getfilecon properly returns the string "unlabeled"
> I suspect the inode struct in the kernel is not being updated properly after
> a setxattr call. Has anyone else faced a similar problem? I am working on
> Android's Nexus one phone.
> On Fri, Nov 11, 2011 at 12:33 PM, Bhargava Shastry <bshas3@xxxxxxxxx> wrote:
>>> Don't set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX, and then you
>>> don't need to set a value at all. The only purpose of the option is to
>>> force the kernel to report an older version than it truly supports, and
>>> that was only to deal with a compatibility issue in Fedora 2/3.
>> This somehow slipped my mind. Thanks, problem solved.
>> Bhargava Shastry
> Bhargava Shastry
[Fedora Users] [Fedora Legacy] [Fedora Desktop] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]