From: Dominick Grift <dac.override@gmail.com>
To: selinux@tycho.nsa.gov
Subject: Re: secilc bug
Date: Mon, 4 May 2015 17:44:44 +0200 [thread overview]
Message-ID: <20150504154444.GC17043@x131e> (raw)
In-Reply-To: <55479132.5000809@tresys.com>
[-- Attachment #1: Type: text/plain, Size: 1101 bytes --]
On Mon, May 04, 2015 at 11:33:06AM -0400, Steve Lawrence wrote:
>
> I think this might be a reset issue, with classmappings or something
> related to classmappings not getting reset/re-resolved correctly. I've
> noticed that with xserver.cil removed, some optional fails and causes a
> re-resolve. Then when writing to the binary, the allow rule mentioned
> ends up with all perms being empty, and so the allow rule is never added.
>
> Note I also needed to modify EXCLUDE to exclude a handful of files due
> to dependencies with xserver. I've attached that file.
>
Yes, indeed. My policy infrastructure support local changes though
One can create an EXCLUDE.local file in the root and in there add the modules one wishes to exclude
This file should not conflict with the "upstream" EXCLUDE file
So EXCLUDE is used by upstream and EXCLUDE.local is for local exclusions
Similarly seusers and seusers.local
Basically the repository has a local and upstream side, so that one can make local changes without breaking the repository by for example updating it with git pull
[-- Attachment #2: Type: application/pgp-signature, Size: 648 bytes --]
next prev parent reply other threads:[~2015-05-04 15:44 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-02 2:49 [GIT PULL] SELinux patches for 4.1 Paul Moore
2015-04-02 12:32 ` James Morris
2015-04-02 21:18 ` Paul Moore
2015-04-03 2:45 ` James Morris
2015-04-03 9:04 ` Paul Moore
2015-04-03 15:07 ` James Morris
2015-04-03 22:22 ` Paul Moore
2015-04-04 0:49 ` James Morris
2015-04-04 2:36 ` Paul Moore
2015-04-05 23:14 ` James Morris
2015-04-06 12:48 ` Paul Moore
2015-04-06 14:04 ` James Morris
2015-04-06 14:09 ` James Morris
2015-04-07 0:43 ` Paul Moore
2015-04-08 10:57 ` James Morris
2015-04-08 11:04 ` Paul Moore
2015-04-13 1:46 ` James Morris
2015-04-23 22:06 ` Paul Moore
2015-04-24 0:24 ` James Morris
2015-04-24 14:53 ` Paul Moore
2015-04-24 16:20 ` Casey Schaufler
2015-04-26 21:22 ` Paul Moore
2015-04-27 5:28 ` James Morris
2015-04-28 23:53 ` Mimi Zohar
2015-05-02 15:03 ` secilc bug Dominick Grift
2015-05-03 10:50 ` Dominick Grift
2015-05-04 15:19 ` James Carter
2015-05-04 15:33 ` Steve Lawrence
2015-05-04 15:44 ` Dominick Grift [this message]
2015-05-04 15:46 ` Dominick Grift
2015-05-04 15:37 ` Dominick Grift
2015-08-03 19:21 ` Dominick Grift
2015-04-27 5:28 ` [GIT PULL] SELinux patches for 4.1 James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150504154444.GC17043@x131e \
--to=dac.override@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.