From: Steve Lawrence <slawrence@tresys.com>
To: Dominick Grift <dominick.grift@gmail.com>
Cc: SELinux List <selinux@tycho.nsa.gov>
Subject: Re: [RFC] Source Policy, CIL, and High Level Languages
Date: Thu, 1 May 2014 08:57:53 -0400
Message-ID: <536244D1.70102@tresys.com>
In-Reply-To: <1398947912.19535.7.camel@x220.localdomain>

On 05/01/2014 08:38 AM, Dominick Grift wrote:
> On Tue, 2014-04-29 at 10:59 -0400, Steve Lawrence wrote:
>
> I have not yet had time to try this out but I think I may have found
> another bug in secilc.
>
> dontaudit rules are not included in the policy it seems.
>
> Today I called a terms_dontaudit_use_console()
>
> which basically has a rule like:
>
> (dontaudit ARG1 console_device_t rw_term_perms)
>
> But the rule is not ending up in the resulting policy (in no dontaudit
> rules at all)
>
> secilc is looking mighty good overall though.
>
I've tested with the pp to CIL method, Jim's cilpolicy.git, and a very
bare bones cil policy in test/policy.cil and I cannot reproduce the
issue you describe where dontaudit rules don't end up in the policy. The
only thing I can think of is that you're giving the -D flag, which will
disable dontaudits. If that's not the case, would it be possible to
provide us your CIL files?
Thanks,
- Steve