[refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
@ 2010-08-24 19:50 James Carter
  2010-08-25 12:50 ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: James Carter @ 2010-08-24 19:50 UTC (permalink / raw)
  To: refpolicy

This is obviously not a solution.  The problem here is that m4 is being
used to perform string concatenation.  The argument, which is a boolean,
is not being used like a boolean and this is a problem when you are
inferring data types.  

The interface is not being used, so ignoring it doesn't cause a problem
for now.

--- 
 policy/modules/kernel/selinux.if |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index f8b357c..c1d0d98 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
 
        # because of this statement, any module which
        # calls this interface must be in the base module:
-       genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
+       #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
 ')
 
 ########################################

-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
  2010-08-24 19:50 [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if James Carter
@ 2010-08-25 12:50 ` Christopher J. PeBenito
  2010-08-25 13:56   ` Daniel J Walsh
  2010-08-25 14:00   ` James Carter
  0 siblings, 2 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2010-08-25 12:50 UTC (permalink / raw)
  To: refpolicy

On 08/24/10 15:50, James Carter wrote:
> This is obviously not a solution.  The problem here is that m4 is being
> used to perform string concatenation.  The argument, which is a boolean,
> is not being used like a boolean and this is a problem when you are
> inferring data types.
>
> The interface is not being used, so ignoring it doesn't cause a problem
> for now.

If I'm not mistaken, Dan uses this in the Fedora policy.  We've also 
used this in internal Tresys projects.

> ---
>   policy/modules/kernel/selinux.if |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> index f8b357c..c1d0d98 100644
> --- a/policy/modules/kernel/selinux.if
> +++ b/policy/modules/kernel/selinux.if
> @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
>
>          # because of this statement, any module which
>          # calls this interface must be in the base module:
> -       genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> +       #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
>   ')
>
>   ########################################
>


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
  2010-08-25 12:50 ` Christopher J. PeBenito
@ 2010-08-25 13:56   ` Daniel J Walsh
  2010-08-25 14:00   ` James Carter
  1 sibling, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2010-08-25 13:56 UTC (permalink / raw)
  To: refpolicy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/25/2010 08:50 AM, Christopher J. PeBenito wrote:
> On 08/24/10 15:50, James Carter wrote:
>> This is obviously not a solution.  The problem here is that m4 is being
>> used to perform string concatenation.  The argument, which is a boolean,
>> is not being used like a boolean and this is a problem when you are
>> inferring data types.
>>
>> The interface is not being used, so ignoring it doesn't cause a problem
>> for now.
> 
> If I'm not mistaken, Dan uses this in the Fedora policy.  We've also 
> used this in internal Tresys projects.
> 
>> ---
>>   policy/modules/kernel/selinux.if |    2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
>> index f8b357c..c1d0d98 100644
>> --- a/policy/modules/kernel/selinux.if
>> +++ b/policy/modules/kernel/selinux.if
>> @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
>>
>>          # because of this statement, any module which
>>          # calls this interface must be in the base module:
>> -       genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
>> +       #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
>>   ')
>>
>>   ########################################
>>
> 
> 
I used it but until we can define booleans in modules it is fairly useless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkx1IQEACgkQrlYvE4MpobPzZACgqtxlXjXMcl5Dv8CJHfAlLULq
drAAoOJn7pieDHIqJ6zOB7LqRNtSWP7q
=W9Bp
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
  2010-08-25 12:50 ` Christopher J. PeBenito
  2010-08-25 13:56   ` Daniel J Walsh
@ 2010-08-25 14:00   ` James Carter
  1 sibling, 0 replies; 4+ messages in thread
From: James Carter @ 2010-08-25 14:00 UTC (permalink / raw)
  To: refpolicy

On Wed, 2010-08-25 at 08:50 -0400, Christopher J. PeBenito wrote:
> On 08/24/10 15:50, James Carter wrote:
> > This is obviously not a solution.  The problem here is that m4 is being
> > used to perform string concatenation.  The argument, which is a boolean,
> > is not being used like a boolean and this is a problem when you are
> > inferring data types.
> >
> > The interface is not being used, so ignoring it doesn't cause a problem
> > for now.
> 
> If I'm not mistaken, Dan uses this in the Fedora policy.  We've also 
> used this in internal Tresys projects.
> 

I was afraid that someone was using it.

I guess we will have to support some sort of string concatenation in
CIL.

> > ---
> >   policy/modules/kernel/selinux.if |    2 +-
> >   1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> > index f8b357c..c1d0d98 100644
> > --- a/policy/modules/kernel/selinux.if
> > +++ b/policy/modules/kernel/selinux.if
> > @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
> >
> >          # because of this statement, any module which
> >          # calls this interface must be in the base module:
> > -       genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> > +       #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> >   ')
> >
> >   ########################################
> >
> 
> 

-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2010-08-25 14:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-24 19:50 [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if James Carter
2010-08-25 12:50 ` Christopher J. PeBenito
2010-08-25 13:56   ` Daniel J Walsh
2010-08-25 14:00   ` James Carter

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.