From mboxrd@z Thu Jan 1 00:00:00 1970 From: dwalsh@redhat.com (Daniel J Walsh) Date: Wed, 25 Aug 2010 09:56:17 -0400 Subject: [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if In-Reply-To: <4C751198.7000302@tresys.com> References: <1282679433.14992.31.camel@moss-lions.epoch.ncsc.mil> <4C751198.7000302@tresys.com> Message-ID: <4C752101.5040902@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/25/2010 08:50 AM, Christopher J. PeBenito wrote: > On 08/24/10 15:50, James Carter wrote: >> This is obviously not a solution. The problem here is that m4 is being >> used to perform string concatenation. The argument, which is a boolean, >> is not being used like a boolean and this is a problem when you are >> inferring data types. >> >> The interface is not being used, so ignoring it doesn't cause a problem >> for now. > > If I'm not mistaken, Dan uses this in the Fedora policy. We've also > used this in internal Tresys projects. > >> --- >> policy/modules/kernel/selinux.if | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if >> index f8b357c..c1d0d98 100644 >> --- a/policy/modules/kernel/selinux.if >> +++ b/policy/modules/kernel/selinux.if >> @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',` >> >> # because of this statement, any module which >> # calls this interface must be in the base module: >> - genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0) >> + #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0) >> ') >> >> ######################################## >> > > I used it but until we can define booleans in modules it is fairly useless. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkx1IQEACgkQrlYvE4MpobPzZACgqtxlXjXMcl5Dv8CJHfAlLULq drAAoOJn7pieDHIqJ6zOB7LqRNtSWP7q =W9Bp -----END PGP SIGNATURE-----