Christopher J. PeBenito wrote:
> On Mon, 2006-10-02 at 10:20 -0500, Michael C Thompson wrote:
>   
>> Chris PeBenito wrote:
>>     
>>> On Fri, 2006-09-29 at 16:12 -0500, Michael C Thompson wrote:
>>>       
>>>> I just discovered a nasty surprise waiting for me in the default 
>>>> Makefile provided by selinux-policy-devel.
>>>>
>>>> Basically, the Makefile produces, on an MLS system, a TYPE value of 
>>>> mls-msc (this is due to the SELINUXTYPE=mls line in 
>>>> /etc/selinux/config). This will not 'enable_mls' for the M4FLAGS, 
>>>> because the Makefile in /usr/share/selinux/devel/include/ does a 
>>>> findstring for '-mls'.
>>>>
>>>> Dan Walsh has suggested a fix for the default Makefile, but I'm 
>>>> wondering why we can't just change 
>>>> /usr/share/selinux/devel/include/Makefile to do a $(findstring 
>>>> mls,$TYPE)) instead, since its not unreasonable to think that TYPE=mls 
>>>> makes sense.
>>>>         
>>> There is some confusion here, the SELINUXTYPE is not the same as TYPE in
>>> refpolicy, it is NAME in refpolicy.  The TYPE of the Redhat MLS policy
>>> is strict-mls.  TYPE=mls does not make sense, since it does not specify
>>> if the policy is strict or targeted.
>>>       
>> Are there flags (like 'enable_mls') in the policy which require this 
>> delineation?
>>     
>
> Yes, strict_policy and targeted_policy.
>
>   

The latest Makefile in 2.3.17-2 should work properly.