Uploaded image for project: 'Cloud Infrastructure Security & Compliance'
  1. Cloud Infrastructure Security & Compliance
  2. CMP-1315

RFC: selinuxd: use semodule --checksum and priorities instead of datastore

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • None
    • 5
    • False
    • None
    • False

      https://github.com/containers/selinuxd/issues/40

       

      I probably miss some piece of the puzzle but it looks like all datastore functionality could be implemented using `semodule` utility or libsemanage library. Bellow are shell snippets describing how it could work.

      • List()
        `semodule -lfull | grep -E '^350 `
      • Put() is not necessagy, it's automatically covered by `semodule -i ...`
      • Get()
        ~~~
      1. semodule -lfull --checksum | grep -E '^350 ' | grep $policy
        350 testpolicy           cil           sha256:0d682da9f705d4a44bad5151c59598f96a1839e10efe5f00b2bd16ba3c562676 
        ~~~

      This works on Fedora 36, RHEL-8.6, and RHEL9 and later

      • Remove() - automatically covered by `semodule -r ...`

       

            Unassigned Unassigned
            rhn-engineering-plautrba Petr Lautrbach
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: