diff options
| author | Nathan Straz <nstraz@redhat.com> | 2012-06-27 16:17:11 -0400 |
|---|---|---|
| committer | Nathan Straz <nstraz@redhat.com> | 2012-06-27 16:17:11 -0400 |
| commit | fdfc6d6ba30e27d947dd28574118835cd382c665 (patch) | |
| tree | 044b2f15d6bd17542cb0cb8aa9bdbdbb0a23e3a4 /SELinux | |
| parent | 10a21d6881114adefd2abddef19869297eeefd80 (diff) | |
| download | qarsh-fdfc6d6ba30e27d947dd28574118835cd382c665.tar.gz qarsh-fdfc6d6ba30e27d947dd28574118835cd382c665.tar.xz qarsh-fdfc6d6ba30e27d947dd28574118835cd382c665.zip | |
Add script to detect and work around some selinux policy issues
Diffstat (limited to 'SELinux')
| -rw-r--r-- | SELinux/rebuild-policy.sh | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/SELinux/rebuild-policy.sh b/SELinux/rebuild-policy.sh new file mode 100644 index 0000000..c500efe --- /dev/null +++ b/SELinux/rebuild-policy.sh @@ -0,0 +1,35 @@ +#!/bin/bash +# +# Try really hard to rebuild SELinux policy +# + +mark_bad() +{ + echo "Avoiding: $1" + echo $1 >> qarshd.bad-interfaces +} + +lookup_rule() +{ + lineno=`grep -B1 $1 tmp/qarshd.tmp | head -n 1 | awk '{print $NF}'`; + head -n $lineno qarshd.te | tail -n 1 | sed -e 's/(qarshd_t)//' +} + +make || exit 1 + +until make load > make.log 2>&1; do + badtype=`cat make.log | perl -n -e'/^libsepol.print_missing_requirements.*attribute (\S+)/ && print "$1\n"'` + if [ -z "$badtype" ]; then + echo "Error not found in make.log" + cat make.log + exit 1 + fi + badint=`lookup_rule $badtype` + if [ -z "$badint" ]; then + echo "Interface not found from bad type $badtype" + exit 1 + fi + mark_bad $badint +done + +rm -f make.log |