[refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if

All of lore.kernel.org
 help / color / mirror / Atom feed

From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
Date: Wed, 25 Aug 2010 08:50:32 -0400	[thread overview]
Message-ID: <4C751198.7000302@tresys.com> (raw)
In-Reply-To: <1282679433.14992.31.camel@moss-lions.epoch.ncsc.mil>

On 08/24/10 15:50, James Carter wrote:
> This is obviously not a solution.  The problem here is that m4 is being
> used to perform string concatenation.  The argument, which is a boolean,
> is not being used like a boolean and this is a problem when you are
> inferring data types.
>
> The interface is not being used, so ignoring it doesn't cause a problem
> for now.

If I'm not mistaken, Dan uses this in the Fedora policy.  We've also 
used this in internal Tresys projects.

> ---
>   policy/modules/kernel/selinux.if |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> index f8b357c..c1d0d98 100644
> --- a/policy/modules/kernel/selinux.if
> +++ b/policy/modules/kernel/selinux.if
> @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
>
>          # because of this statement, any module which
>          # calls this interface must be in the base module:
> -       genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> +       #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
>   ')
>
>   ########################################
>


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

next prev parent reply	other threads:[~2010-08-25 12:50 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-08-24 19:50 [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if James Carter
2010-08-25 12:50 ` Christopher J. PeBenito [this message]
2010-08-25 13:56   ` Daniel J Walsh
2010-08-25 14:00   ` James Carter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4C751198.7000302@tresys.com \
    --to=cpebenito@tresys.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.