Showing posts from February, 2024

SELinux: How to create a CIL from a TE file

For a project, I needed to compile and install a SELinux module only when necessary. Unfortunately, there is no versioning on stored modules, so I can't check and compare with the source module. I came up with an idea: using MD5 signatures.

Modules are stored in /var/lib/selinux/Policy/active/modules/400/ModuleName/cil

The Policy can be found with sestatus:

    # sestatus
    SELinux status: enabled
    SELinuxfs mount: /sys/fs/selinux
    SELinux root directory: /etc/selinux
    Loaded policy name: targeted
    ...

Stored modules are actually compressed CIL, which can easily be dumped with bzcat:

    # bzcat /var/lib/selinux/targeted/active/modules/400/my-httpd/cil
    (typeattributeset cil_gen_require httpd_t)
    (typeattributeset cil_gen_require default_t)
    (typeattributeset cil_gen_require sysstat_log_t)
    (typeattributeset cil_gen_require usr_t)
    (allow httpd_t usr_t (file (write create unlink setattr)))
    (allow httpd_t default_t (file (open re...
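One way to implement the MD5 comparison described above, as an added example that is not code from the original post. It assumes a candidate CIL file has already been generated from the source module; the function names and the `root` parameter are hypothetical, and the sample CIL is constructed from the lines shown above.

```python
import bz2
import hashlib
import tempfile
from pathlib import Path

# Store layout as given in the post (priority directory 400).
STORE = "var/lib/selinux/{policy}/active/modules/400/{module}/cil"
# Constructed sample input, built from two lines of the dump shown in the post.
SAMPLE_CIL = (b"(typeattributeset cil_gen_require httpd_t)\n"
              b"(allow httpd_t usr_t (file (write create unlink setattr)))\n")

def stored_cil_path(policy, module, root="/"):
    """Path of a module's stored CIL; root is a hypothetical hook for testing."""
    return Path(root) / STORE.format(policy=policy, module=module)

def read_cil(path):
    """Return CIL bytes, decompressing when the file starts with the bzip2 magic."""
    data = Path(path).read_bytes()
    return bz2.decompress(data) if data.startswith(b"BZh") else data

def md5_hex(data):
    # MD5 is only a change detector here, not an integrity or authenticity check.
    # usedforsecurity=False (Python 3.9+) keeps it usable on FIPS-mode hosts.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()

def needs_install(candidate_cil, policy, module, root="/"):
    """True when the module is absent or its stored CIL differs from the candidate."""
    stored = stored_cil_path(policy, module, root)
    if not stored.is_file():
        return True
    return md5_hex(read_cil(stored)) != md5_hex(read_cil(candidate_cil))

def demo():
    """Run the absent / identical / modified cases against a throwaway store."""
    with tempfile.TemporaryDirectory() as root:
        candidate = Path(root) / "my-httpd.cil"
        candidate.write_bytes(SAMPLE_CIL)
        absent = needs_install(candidate, "targeted", "my-httpd", root)
        stored = stored_cil_path("targeted", "my-httpd", root)
        stored.parent.mkdir(parents=True)
        stored.write_bytes(bz2.compress(SAMPLE_CIL))
        same = needs_install(candidate, "targeted", "my-httpd", root)
        candidate.write_bytes(SAMPLE_CIL + b"(allow httpd_t usr_t (file (read)))\n")
        changed = needs_install(candidate, "targeted", "my-httpd", root)
        return absent, same, changed

if __name__ == "__main__":
    print(demo())
```

The comparison is made on the decompressed text, so a change in compression settings alone does not trigger a reinstall.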