On Tue, 2006-10-31 at 12:49 -0500, Stephen Smalley wrote: > On Sun, 2006-10-29 at 21:06 +0100, Dawid Gajownik wrote: > > Dnia 10/29/2006 06:33 PM, Użytkownik Joshua Brindle napisał: > > > Right, that's a hard fix I think, dashes aren't allowed in > > > identifiers and they are treated specially for use in MLS ranges.. > > > > Oh, that's really bad :( Without that line files on ntfs-3g filesystem > > have unlabeled_t type and I would need to give to many privileges to > > mount_t domain. > > > > So there is no hope to fix it in the clean way? > > File it as a bug against checkpolicy. I looked at fixing this by changing genfscon to use user_identifier instead of identifier (they are the same except user_identifier includes "-"). This made checkpolicy generate a syntax error for all genfscon statements - haven't tracked down what the problem is. The grammer still seems to be unambiguous. I'll try to get back to it soon, but thought I would post this in case someone knows what the issue is off the top of their head. Karl -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
