Bug 1731501
Summary: | [RFE] add possibility to check sum of loaded module | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Filip Krska <fkrska> |
Component: | policycoreutils | Assignee: | Petr Lautrbach <plautrba> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | Jan Fiala <jafiala> |
Priority: | medium | ||
Version: | 8.4 | CC: | batkisso, dwalsh, jafiala, lagordon, lvrabec, mjahoda, mmalik, plautrba, ssekidde, tscherf, vmojzis |
Target Milestone: | rc | Keywords: | FutureFeature, Triaged |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | policycoreutils-2.9-17.el8 | Doc Type: | Enhancement |
Doc Text: |
.New option to verify SELinux module checksums
With the newly added `--checksum` option to the `semodule` command, you can verify the versions of installed SELinux policy modules.
Because Common Intermediate Language (CIL) does not store module name and module version in the module itself, there previously was no simple way to verify that the installed module is the same version as the module which was supposed to be installed.
With the new command `semodule -l --checksum`, you receive a SHA256 hash of the specified module and can compare it with the checksum of the original file, which is faster than reinstalling modules.
Example of use:
----
# semodule -l --checksum | grep localmodule
localmodule sha256:db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd
# /usr/libexec/selinux/hll/pp localmodule.pp | sha256sum
db002f64ddfa3983257b42b54da7b182c9b2e476f47880ae3494f9099e1a42bd -
----
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-05-10 15:25:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Filip Krska
2019-07-19 14:41:05 UTC
https://github.com/SELinuxProject/selinux/commit/ed4813be615182b0f4b8fcabbaad0256ed80845d https://github.com/SELinuxProject/selinux/commit/f37b3e94d328bcb36d57e571e755922a4237bdc7 https://github.com/SELinuxProject/selinux/commit/c28763c4c9736fd6d83a11740f97035d076a1d71 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (policycoreutils bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:2068 |