From: domg472@gmail.com (Dominick Grift)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] optional_policy blocks
Date: Tue, 18 Jan 2011 15:58:20 +0100 [thread overview]
Message-ID: <4D35AA8C.5050001@gmail.com> (raw)
In-Reply-To: <1295361554.3083.8.camel@tesla.lan>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/18/2011 03:39 PM, Guido Trentalancia wrote:
> Hello !
>
> I am trying to build and test a modified version of the git reference
> policy. It is being built of type MCS and not monolithic.
>
> Unfortunately, it seems that for some reason all of the
> "optional_policy" blocks that are often used in TE files are not being
> compiled in.
Because optional policy does not apply to monolithic policy. All modules
are in a single module (the base module), thus all dependencies are
installed.
optional policy is used for modular policy where many modules reside in
their own policy module. This enabled you to add and remove specific
modules and introduces the issue of dependencies.
the optional policy (policy in optional policy blocks) say's if this
policy is available then use it and if its not available then ignore it.
> The modules that should trigger the optional_policy blocks are all being
> compiled and loaded...
>
> What should I do to enable the inclusion of such blocks in the policy ?
>
>>From searching the mailing list, I could only find out that in the past,
> the module on which the optional block depends used to be defined at the
> beginning of the optional block... But this should be deprecated now.
>
> The optional blocks usually contain just one or more interface calls,
> such as:
>
> optional_policy(`
> policykit_dbus_chat(system_dbusd_t)
> policykit_domtrans_auth(system_dbusd_t)
> policykit_search_lib(system_dbusd_t)
> ')
>
> where the interface calls are defined in policykit.if. This is actually
> an example from an existing part of the git reference policy.
>
> Regards,
>
> Guido
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk01qowACgkQMlxVo39jgT/uRgCgugiE3hqmnrf8JbLPyYB/EAt/
9vQAni6MpxtYHWwUyj6blAdPpkQGpu5f
=KC5C
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2011-01-18 14:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-18 14:39 [refpolicy] optional_policy blocks Guido Trentalancia
2011-01-18 14:58 ` Dominick Grift [this message]
2011-01-18 15:53 ` Guido Trentalancia
2011-01-18 16:05 ` Dominick Grift
2011-01-18 20:56 ` Guido Trentalancia
2011-01-18 23:51 ` Chris PeBenito
2011-01-18 16:16 ` Guido Trentalancia
2011-01-18 16:27 ` Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D35AA8C.5050001@gmail.com \
--to=domg472@gmail.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.