On Thu, 2007-03-29 at 19:43 +0800, Ken YANG wrote:
Stephen Smalley wrote:
> On Thu, 2007-03-29 at 10:49 +0800, Ken YANG wrote:
>> i want to use findcon to find a type "tmpfs_t".
>> but in FC, there is setools* package contaning findcon.
>> i find that secmds(findcon) is in setools-console subpackage
>> why fc has not this subpackage?
>
> That's a question for Dan Walsh (cc'd above) or fedora-selinux-list.
ok, i have cc to fedora-selinux-list
>
>> i down a setools-3.1-1.src.rpm from tresys site, and encounter
>> a build error:
>>
>> policy_extend.c: In function 'qpol_policy_build_attrs_from_map':
>> policy_extend.c:170: error: 'HASHTAB_OVERFLOW' undeclared (first use in
>> this function)
>> policy_extend.c:170: error: (Each undeclared identifier is reported only
>> once
>> policy_extend.c:170: error: for each function it appears in.)
>> policy_extend.c: In function 'qpol_policy_fill_attr_holes':
>> policy_extend.c:246: error: 'HASHTAB_OVERFLOW' undeclared (first use in
>> this function)
>> make[4]: *** [policy_extend.o] Error 1
>> make[4]: Leaving directory
>> `/workbench/rpmbuild/BUILD/setools-3.1/libqpol/src'
>>
>>
>> i have not find "HASHTAB_OVERFLOW" in selinux trunk, especially in
>> libsepol. where is this symbol defined?
>
> Those error codes were replaced by standard ones
> (include/sepol/errcodes.h) in the trunk version of libsepol, so you
> would need to build setools against the stable branch version of
> libsepol until they update setools.
thank you.
i play some tricks on the setools :-)
in the spec file of setools-3.1-3.fc7, i find "findcon" and other cmds
had been removed:
rm -f ${RPM_BUILD_ROOT}/usr/bin/findcon
rm -f ${RPM_BUILD_ROOT}/usr/bin/replcon
rm -f ${RPM_BUILD_ROOT}/usr/bin/searchcon
rm -f ${RPM_BUILD_ROOT}/usr/bin/indexcon
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/searchcon.1
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/indexcon.1
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/replcon.1
rm -f ${RPM_BUILD_ROOT}/usr/share/man/man1/findcon.1
rm -rf ${RPM_BUILD_ROOT}%{_includedir}/libsefs/sqlite
so i comment "findcon relative" items, and add corresponding items
in "files" list.
it seems that this kind of "findcon" works.
this is a temporary method, i just want to use findcon to search
certain context
How does it differ from find . -context ...?
--
Stephen Smalley
National Security Agency