Package: setools
Version: 3.3.5.ds-1
Severity: important

When apol is run on the installed policy (such as /etc/selinux/*/policy/policy.*) then it misses out on a lot of symbolic information (such as the types that are in attributes) and thus makes it impossible to determine the reason why some access is permitted.

To solve this I suggest having a script such as the following:

#!/bin/bash -e
# Load the system default SELINUXTYPE.
. /etc/selinux/config
# An optional "-s <type>" selects a different policy store.
if [ "$1" = "-s" ]; then
  shift
  SELINUXTYPE=$1
  shift
fi
cd "/etc/selinux/$SELINUXTYPE/modules/active"
# Open base.pp plus every module in the active store, passing on remaining arguments.
exec apol base.pp modules/*.pp "$@"

Of course any user could figure this out on their own, but having a script to do it for them saves effort for everyone (even I had to ask the mailing list for advice on this issue).