[refpolicy] Parsing Binary Ref Policy
Hong
kindloaf at gmail.com
Thu Aug 28 22:54:50 CDT 2008
I am trying to parse the refpolicy under Ubuntu 8.04. I used
/etc/selinux/refplicy/policy/policy.22. The size of the binary policy is
about 360K (accurate size is 360296).
Then I used the "dispol" tool in checkpolicy to parse the policy. However, I feel
that the parsing result is not correct. There are many domains missing in
the parse result. There is no httpd domain, no ftpd domain...
And the access vector really confuses me. For example, I think the domain
insmod_t should be entered through insmod, rmmod, ... But from the policy,
domain insmod_t has the entrypoint privilege over a lot of types:
hplip_etc_t, lpd_tmp_t, proc_afs_t, pam_tmp_t, ... (there are more than 300
of them).
Did I do anything wrong? And if I am getting the correct binary policy, why
is the entrypoint privilege configured this way?
Thanks.
Hong