* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
@ 2010-08-24 19:50 James Carter
2010-08-25 12:50 ` Christopher J. PeBenito
0 siblings, 1 reply; 4+ messages in thread
From: James Carter @ 2010-08-24 19:50 UTC (permalink / raw)
To: refpolicy
This is obviously not a solution. The problem here is that m4 is being
used to perform string concatenation. The argument, which is a boolean,
is not being used like a boolean and this is a problem when you are
inferring data types.
The interface is not being used, so ignoring it doesn't cause a problem
for now.
---
policy/modules/kernel/selinux.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index f8b357c..c1d0d98 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
# because of this statement, any module which
# calls this interface must be in the base module:
- genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
+ #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
')
########################################
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
2010-08-24 19:50 [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if James Carter
@ 2010-08-25 12:50 ` Christopher J. PeBenito
2010-08-25 13:56 ` Daniel J Walsh
2010-08-25 14:00 ` James Carter
0 siblings, 2 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2010-08-25 12:50 UTC (permalink / raw)
To: refpolicy
On 08/24/10 15:50, James Carter wrote:
> This is obviously not a solution. The problem here is that m4 is being
> used to perform string concatenation. The argument, which is a boolean,
> is not being used like a boolean and this is a problem when you are
> inferring data types.
>
> The interface is not being used, so ignoring it doesn't cause a problem
> for now.
If I'm not mistaken, Dan uses this in the Fedora policy. We've also
used this in internal Tresys projects.
> ---
> policy/modules/kernel/selinux.if | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> index f8b357c..c1d0d98 100644
> --- a/policy/modules/kernel/selinux.if
> +++ b/policy/modules/kernel/selinux.if
> @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
>
> # because of this statement, any module which
> # calls this interface must be in the base module:
> - genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> + #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> ')
>
> ########################################
>
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
2010-08-25 12:50 ` Christopher J. PeBenito
@ 2010-08-25 13:56 ` Daniel J Walsh
2010-08-25 14:00 ` James Carter
1 sibling, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2010-08-25 13:56 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/25/2010 08:50 AM, Christopher J. PeBenito wrote:
> On 08/24/10 15:50, James Carter wrote:
>> This is obviously not a solution. The problem here is that m4 is being
>> used to perform string concatenation. The argument, which is a boolean,
>> is not being used like a boolean and this is a problem when you are
>> inferring data types.
>>
>> The interface is not being used, so ignoring it doesn't cause a problem
>> for now.
>
> If I'm not mistaken, Dan uses this in the Fedora policy. We've also
> used this in internal Tresys projects.
>
>> ---
>> policy/modules/kernel/selinux.if | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
>> index f8b357c..c1d0d98 100644
>> --- a/policy/modules/kernel/selinux.if
>> +++ b/policy/modules/kernel/selinux.if
>> @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
>>
>> # because of this statement, any module which
>> # calls this interface must be in the base module:
>> - genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
>> + #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
>> ')
>>
>> ########################################
>>
>
>
I used it but until we can define booleans in modules it is fairly useless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx1IQEACgkQrlYvE4MpobPzZACgqtxlXjXMcl5Dv8CJHfAlLULq
drAAoOJn7pieDHIqJ6zOB7LqRNtSWP7q
=W9Bp
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
2010-08-25 12:50 ` Christopher J. PeBenito
2010-08-25 13:56 ` Daniel J Walsh
@ 2010-08-25 14:00 ` James Carter
1 sibling, 0 replies; 4+ messages in thread
From: James Carter @ 2010-08-25 14:00 UTC (permalink / raw)
To: refpolicy
On Wed, 2010-08-25 at 08:50 -0400, Christopher J. PeBenito wrote:
> On 08/24/10 15:50, James Carter wrote:
> > This is obviously not a solution. The problem here is that m4 is being
> > used to perform string concatenation. The argument, which is a boolean,
> > is not being used like a boolean and this is a problem when you are
> > inferring data types.
> >
> > The interface is not being used, so ignoring it doesn't cause a problem
> > for now.
>
> If I'm not mistaken, Dan uses this in the Fedora policy. We've also
> used this in internal Tresys projects.
>
I was afraid that someone was using it.
I guess we will have to support some sort of string concatenation in
CIL.
> > ---
> > policy/modules/kernel/selinux.if | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> > index f8b357c..c1d0d98 100644
> > --- a/policy/modules/kernel/selinux.if
> > +++ b/policy/modules/kernel/selinux.if
> > @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
> >
> > # because of this statement, any module which
> > # calls this interface must be in the base module:
> > - genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> > + #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> > ')
> >
> > ########################################
> >
>
>
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2010-08-25 14:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-24 19:50 [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if James Carter
2010-08-25 12:50 ` Christopher J. PeBenito
2010-08-25 13:56 ` Daniel J Walsh
2010-08-25 14:00 ` James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.