check_nodemap $nm trusted_nodemap 1
sleep 10
+ l_getsepol || error "cannot get sepol"
sepol=$(l_getsepol | cut -d':' -f2- | xargs)
+ [ -n "$sepol" ] || error "sepol is empty"
do_facet mgs $LCTL set_param -P nodemap.$nm.sepol="$sepol"
check_nodemap $nm sepol $sepol
ln $DIR/$tdir/toopen $DIR/$tdir/toopen_hl3 && error "hardlink (3)"
# reset correct sepol
+ l_getsepol || error "cannot get sepol"
sepol=$(l_getsepol | cut -d':' -f2- | xargs)
+ [ -n "$sepol" ] || error "sepol is empty"
do_facet mgs $LCTL set_param -P nodemap.c0.sepol="$sepol"
check_nodemap c0 sepol $sepol
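Review bot: The added `l_getsepol || error "cannot get sepol"` checks one run of the tool while the value comes from a second run on the next line, whose pipeline status is that of `xargs`; a failure of the run that is actually used is only caught indirectly by the `-n` test. Capturing once keeps the status and the value from the same invocation: `sepol=$(l_getsepol) || error "cannot get sepol"` followed by `sepol=$(echo "$sepol" | cut -d':' -f2- | xargs)`. The same pair of lines appears in the earlier hunk that sets `nodemap.$nm.sepol`. The unquoted `$sepol` passed to `check_nodemap` is pre-existing context, but it would be worth quoting while these lines are being touched.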
int policyver = 0;
char pol_bin_path[PATH_MAX + 1];
struct stat st;
- time_t policymtime;
+ time_t policymtime = 0;
int enforce;
char *policy_type = NULL;
unsigned char *mdval = NULL;
if (rc < 0)
goto out;
- /* Version of loaded policy */
+ /* Max version of loaded policy */
policyver = security_policyvers();
if (policyver < 0) {
errlog("unknown policy version: %s\n", strerror(errno));
goto out;
}
- /* Path of binary policy file */
- snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
- selinux_binary_policy_path(), policyver);
-
- /* Stat binary policy file */
- if (stat(pol_bin_path, &st)) {
- errlog("can't stat %s: %s\n", pol_bin_path, strerror(errno));
- rc = -errno;
- goto out;
+ while (policymtime == 0) {
+ /* Path of binary policy file */
+ snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
+ selinux_binary_policy_path(), policyver);
+
+ /* Stat binary policy file */
+ if (stat(pol_bin_path, &st)) {
+ if (policyver > 0) {
+ policyver--;
+ } else {
+ errlog("can't stat %s.*: %s\n",
+ selinux_binary_policy_path(),
+ strerror(errno));
+ rc = -errno;
+ goto out;
+ }
+ } else {
+ policymtime = st.st_mtime;
+ }
}
- policymtime = st.st_mtime;
/* Determine if SELinux is in permissive or enforcing mode */
enforce = security_getenforce();
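Review bot: The loop condition `while (policymtime == 0)` doubles as the success flag, so a policy file whose `st_mtime` is 0 (for example one installed with an epoch timestamp) passes `stat()` and the loop then re-stats the same path forever. The loop also steps down a version on any `stat()` failure, so an `EACCES` or `ELOOP` on the newest file silently selects an older file whose mtime, and presumably checksum, may not describe the loaded policy; limiting the fallback to `ENOENT` would surface that instead. `rc = -errno` is read after `errlog()`, which may have changed `errno`. Leaving the loop with `break` on a successful `stat()` and assigning the mtime afterwards, as sketched below, addresses all three. The enclosing function starts and ends outside this hunk.

```c
	/* … unchanged: security_policyvers() call and its error check … */

	/* Walk down from the max supported version to the newest file present */
	for (;;) {
		snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
			 selinux_binary_policy_path(), policyver);

		if (stat(pol_bin_path, &st) == 0)
			break;

		/* Only a missing file justifies trying an older version */
		if (errno != ENOENT || policyver == 0) {
			rc = -errno;	/* save before errlog() can touch errno */
			errlog("can't stat %s.*: %s\n",
			       selinux_binary_policy_path(), strerror(-rc));
			goto out;
		}
		policyver--;
	}
	policymtime = st.st_mtime;
```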