any reason why a class mapping is not able to solve permissionx?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dominick Grift <dominick.grift@defensec.nl>
To: selinux@vger.kernel.org
Subject: any reason why a class mapping is not able to solve permissionx?
Date: Fri, 17 Jan 2020 18:34:48 +0100	[thread overview]
Message-ID: <20200117173448.GA166208@brutus.lan> (raw)

For example this:

(permissionx alg_socket_ioctl_except_SIOCGIFHWADDR (ioctl alg_socket (and (all) (not (0x8927)))))
(classmap all_sockets (ioctl_except_SIOCGIFHWADDR))
(classmapping all_sockets ioctl_except_SIOCGIFHWADDR alg_socket_ioctl_except_SIOCGIFHWADDR)

(allowx a self (all_sockets (ioctl_except_SIOCGIFHWADDR))) 

Say's:

<snip>
Building AST from Parse Tree
Destroying Parse Tree
Resolving AST
Failed to resolve classmapping statement at policy/base/class_maps.cil:994
Problem at policy/base/class_maps.cil:994
Pass 14 of resolution failed
Failed to resolve ast
Failed to compile cildb: -2
make: *** [Makefile:30: policy.32] Error 254

Am i doing something wrong or is this unsupported?

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

next             reply	other threads:[~2020-01-17 17:44 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-17 17:34 Dominick Grift [this message]
2020-01-17 18:24 ` any reason why a class mapping is not able to solve permissionx? Dominick Grift
2020-01-17 18:36   ` [Non-DoD Source] " jwcart2
2020-01-21 16:26   ` jwcart2
2020-01-23 20:41     ` jwcart2
2020-01-23 21:15       ` Dominick Grift

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200117173448.GA166208@brutus.lan \
    --to=dominick.grift@defensec.nl \
    --cc=selinux@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.