037ac427f8
When building a monolithic policy with 'make load', the selinux_config(5) file 'SELINUXTYPE' entry determines what policy is loaded as load_policy(8) does not take a path value (it always loads the active system policy as defined by /etc/selinux/config). Currently it is possible to load the wrong binary policy, for example if the Reference Policy source is located at: /etc/selinux/refpolicy and the /etc/selinux/config file has the following entry: SELINUXTYPE=targeted Then the /etc/selinux/targeted/policy/policy.<ver> is loaded when 'make load' is executed. Resolve this by using selinux_binary_policy_path(3) to determine the current configured policy name and its location. Another example is that if the Reference Policy source is located at: /tmp/custom-rootfs/etc/selinux/refpolicy and the /etc/selinux/config file has the following entry: SELINUXTYPE=refpolicy Then the /etc/selinux/refpolicy/policy/policy.<ver> is loaded when 'make DESTDIR=/tmp/custom-rootfs load' is executed (not the /tmp/custom-rootfs/etc/selinux/refpolicy/policy/policy.<ver> that the developer thought would be loaded). Resolve this by checking if DESTDIR has been set. Remove the '@touch $(tmpdir)/load' line as the file is never referenced. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
13 lines
308 B
Python
13 lines
308 B
Python
#!/usr/bin/env python3
|
|
|
|
try:
|
|
import warnings
|
|
with warnings.catch_warnings():
|
|
warnings.filterwarnings("ignore", category=PendingDeprecationWarning)
|
|
import selinux
|
|
|
|
if selinux.is_selinux_enabled():
|
|
print(selinux.selinux_binary_policy_path())
|
|
except ImportError:
|
|
exit(0)
|