From: Dominick Grift <dac.override@gmail.com>
To: selinux@tycho.nsa.gov
Subject: Re: secilc bug
Date: Mon, 4 May 2015 17:46:39 +0200 [thread overview]
Message-ID: <20150504154638.GD17043@x131e> (raw)
In-Reply-To: <20150504154444.GC17043@x131e>
[-- Attachment #1: Type: text/plain, Size: 1422 bytes --]
On Mon, May 04, 2015 at 05:44:44PM +0200, Dominick Grift wrote:
> On Mon, May 04, 2015 at 11:33:06AM -0400, Steve Lawrence wrote:
> >
> > I think this might be a reset issue, with classmappings or something
> > related to classmappings not getting reset/re-resolved correctly. I've
> > noticed that with xserver.cil removed, some optional fails and causes a
> > re-resolve. Then when writing to the binary, the allow rule mentioned
> > ends up with all perms being empty, and so the allow rule is never added.
> >
> > Note I also needed to modify EXCLUDE to exclude a handful of files due
> > to dependencies with xserver. I've attached that file.
> >
>
> Yes, indeed. My policy infrastructure support local changes though
>
> One can create an EXCLUDE.local file in the root and in there add the modules one wishes to exclude
>
> This file should not conflict with the "upstream" EXCLUDE file
>
> So EXCLUDE is used by upstream and EXCLUDE.local is for local exclusions
>
> Similarly seusers and seusers.local
>
> Basically the repository has a local and upstream side, so that one can make local changes without breaking the repository by for example updating it with git pull
Running ./laptop --help explains the options a bit
--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
[-- Attachment #2: Type: application/pgp-signature, Size: 648 bytes --]
next prev parent reply other threads:[~2015-05-04 15:46 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-02 2:49 [GIT PULL] SELinux patches for 4.1 Paul Moore
2015-04-02 12:32 ` James Morris
2015-04-02 21:18 ` Paul Moore
2015-04-03 2:45 ` James Morris
2015-04-03 9:04 ` Paul Moore
2015-04-03 15:07 ` James Morris
2015-04-03 22:22 ` Paul Moore
2015-04-04 0:49 ` James Morris
2015-04-04 2:36 ` Paul Moore
2015-04-05 23:14 ` James Morris
2015-04-06 12:48 ` Paul Moore
2015-04-06 14:04 ` James Morris
2015-04-06 14:09 ` James Morris
2015-04-07 0:43 ` Paul Moore
2015-04-08 10:57 ` James Morris
2015-04-08 11:04 ` Paul Moore
2015-04-13 1:46 ` James Morris
2015-04-23 22:06 ` Paul Moore
2015-04-24 0:24 ` James Morris
2015-04-24 14:53 ` Paul Moore
2015-04-24 16:20 ` Casey Schaufler
2015-04-26 21:22 ` Paul Moore
2015-04-27 5:28 ` James Morris
2015-04-28 23:53 ` Mimi Zohar
2015-05-02 15:03 ` secilc bug Dominick Grift
2015-05-03 10:50 ` Dominick Grift
2015-05-04 15:19 ` James Carter
2015-05-04 15:33 ` Steve Lawrence
2015-05-04 15:44 ` Dominick Grift
2015-05-04 15:46 ` Dominick Grift [this message]
2015-05-04 15:37 ` Dominick Grift
2015-08-03 19:21 ` Dominick Grift
2015-04-27 5:28 ` [GIT PULL] SELinux patches for 4.1 James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150504154638.GD17043@x131e \
--to=dac.override@gmail.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.