djbdns needs optional

All of lore.kernel.org
 help / color / mirror / Atom feed

* djbdns needs optional_policy
@ 2007-05-30 14:51 dwalsh
  2007-05-31 10:24 ` Petre Rodan
  0 siblings, 1 reply; 5+ messages in thread
From: dwalsh @ 2007-05-30 14:51 UTC (permalink / raw)
  To: cpebenito; +Cc: selinux

--- nsaserefpolicy/policy/modules/services/djbdns.te	2007-05-29 14:10:57.000000000 -0400
+++ serefpolicy-3.0.1/policy/modules/services/djbdns.te	2007-05-30 07:35:54.000000000 -0400
@@ -44,4 +44,7 @@
 libs_use_ld_so(djbdns_axfrdns_t)
 libs_use_shared_libs(djbdns_axfrdns_t)
 
-ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
+optional_policy(`
+	ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
+')
+

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: djbdns needs optional_policy
  2007-05-30 14:51 djbdns needs optional_policy dwalsh
@ 2007-05-31 10:24 ` Petre Rodan
  2007-05-31 11:15   ` Daniel J Walsh
  0 siblings, 1 reply; 5+ messages in thread
From: Petre Rodan @ 2007-05-31 10:24 UTC (permalink / raw)
  To: dwalsh; +Cc: cpebenito, selinux

[-- Attachment #1: Type: text/plain, Size: 659 bytes --]


Hi Daniel,

On Wed, May 30, 2007 at 10:51:20AM -0400, dwalsh@redhat.com wrote:
> --- nsaserefpolicy/policy/modules/services/djbdns.te	2007-05-29 14:10:57.000000000 -0400
> +++ serefpolicy-3.0.1/policy/modules/services/djbdns.te	2007-05-30 07:35:54.000000000 -0400
> @@ -44,4 +44,7 @@
>  libs_use_ld_so(djbdns_axfrdns_t)
>  libs_use_shared_libs(djbdns_axfrdns_t)
>  
> -ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> +optional_policy(`
> +	ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> +')
> +

http://marc.info/?l=selinux&m=117621284727331&w=2

what is the reason for your tweak? 

bye,
peter


[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: djbdns needs optional_policy
  2007-05-31 10:24 ` Petre Rodan
@ 2007-05-31 11:15   ` Daniel J Walsh
  2007-05-31 13:00     ` Christopher J. PeBenito
  0 siblings, 1 reply; 5+ messages in thread
From: Daniel J Walsh @ 2007-05-31 11:15 UTC (permalink / raw)
  To: dwalsh, cpebenito, selinux

Petre Rodan wrote:
> Hi Daniel,
>
> On Wed, May 30, 2007 at 10:51:20AM -0400, dwalsh@redhat.com wrote:
>   
>> --- nsaserefpolicy/policy/modules/services/djbdns.te	2007-05-29 14:10:57.000000000 -0400
>> +++ serefpolicy-3.0.1/policy/modules/services/djbdns.te	2007-05-30 07:35:54.000000000 -0400
>> @@ -44,4 +44,7 @@
>>  libs_use_ld_so(djbdns_axfrdns_t)
>>  libs_use_shared_libs(djbdns_axfrdns_t)
>>  
>> -ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
>> +optional_policy(`
>> +	ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
>> +')
>> +
>>     
>
> http://marc.info/?l=selinux&m=117621284727331&w=2
>
> what is the reason for your tweak? 
>
> bye,
> peter
>
>   
It's been a while, but I believe if ucspictcp and djbdns are built as 
modules the packages will not build correctly. 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: djbdns needs optional_policy
  2007-05-31 11:15   ` Daniel J Walsh
@ 2007-05-31 13:00     ` Christopher J. PeBenito
  2007-05-31 14:58       ` Daniel J Walsh
  0 siblings, 1 reply; 5+ messages in thread
From: Christopher J. PeBenito @ 2007-05-31 13:00 UTC (permalink / raw)
  To: Daniel J Walsh; +Cc: selinux

On Thu, 2007-05-31 at 07:15 -0400, Daniel J Walsh wrote:
> Petre Rodan wrote:
> > Hi Daniel,
> >
> > On Wed, May 30, 2007 at 10:51:20AM -0400, dwalsh@redhat.com wrote:
> >   
> >> --- nsaserefpolicy/policy/modules/services/djbdns.te	2007-05-29 14:10:57.000000000 -0400
> >> +++ serefpolicy-3.0.1/policy/modules/services/djbdns.te	2007-05-30 07:35:54.000000000 -0400
> >> @@ -44,4 +44,7 @@
> >>  libs_use_ld_so(djbdns_axfrdns_t)
> >>  libs_use_shared_libs(djbdns_axfrdns_t)
> >>  
> >> -ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> >> +optional_policy(`
> >> +	ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> >> +')
> >> +
> >>     
> >
> > http://marc.info/?l=selinux&m=117621284727331&w=2
> >
> > what is the reason for your tweak? 
> >
> > bye,
> > peter
> >
> >   
> It's been a while, but I believe if ucspictcp and djbdns are built as 
> modules the packages will not build correctly. 

Build or link fails?  I would expect the link to fail.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: djbdns needs optional_policy
  2007-05-31 13:00     ` Christopher J. PeBenito
@ 2007-05-31 14:58       ` Daniel J Walsh
  0 siblings, 0 replies; 5+ messages in thread
From: Daniel J Walsh @ 2007-05-31 14:58 UTC (permalink / raw)
  To: Christopher J. PeBenito; +Cc: selinux

Christopher J. PeBenito wrote:
> On Thu, 2007-05-31 at 07:15 -0400, Daniel J Walsh wrote:
>   
>> Petre Rodan wrote:
>>     
>>> Hi Daniel,
>>>
>>> On Wed, May 30, 2007 at 10:51:20AM -0400, dwalsh@redhat.com wrote:
>>>   
>>>       
>>>> --- nsaserefpolicy/policy/modules/services/djbdns.te	2007-05-29 14:10:57.000000000 -0400
>>>> +++ serefpolicy-3.0.1/policy/modules/services/djbdns.te	2007-05-30 07:35:54.000000000 -0400
>>>> @@ -44,4 +44,7 @@
>>>>  libs_use_ld_so(djbdns_axfrdns_t)
>>>>  libs_use_shared_libs(djbdns_axfrdns_t)
>>>>  
>>>> -ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
>>>> +optional_policy(`
>>>> +	ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
>>>> +')
>>>> +
>>>>     
>>>>         
>>> http://marc.info/?l=selinux&m=117621284727331&w=2
>>>
>>> what is the reason for your tweak? 
>>>
>>> bye,
>>> peter
>>>
>>>   
>>>       
>> It's been a while, but I believe if ucspictcp and djbdns are built as 
>> modules the packages will not build correctly. 
>>     
>
> Build or link fails?  I would expect the link to fail.
>
>   
Probably at link.  It happened a long time ago.  So I guess if both 
modules are installed at the same time and removed at the same time this 
is not needed.  I probably added one module to strict and had it blow up 
on me, so I changed it to optional.  Then later I added the other policy 
to strict.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2007-05-31 14:59 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-05-30 14:51 djbdns needs optional_policy dwalsh
2007-05-31 10:24 ` Petre Rodan
2007-05-31 11:15   ` Daniel J Walsh
2007-05-31 13:00     ` Christopher J. PeBenito
2007-05-31 14:58       ` Daniel J Walsh

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.