> From: Karl MacMillan [mailto:kmacmillan@xxxxxxxxxxxxxxxxx] > > On Wed, 2006-11-01 at 10:27 -0500, Joshua Brindle wrote: > > > From: Karl MacMillan [mailto:kmacmillan@xxxxxxxxxxxxxxxxx] > > > > > > > > I looked at fixing this by changing genfscon to use > > > user_identifier > > > > > instead of identifier (they are the same except > user_identifier > > > > > includes "-"). This made checkpolicy generate a syntax > > > error for all > > > > > genfscon statements - haven't tracked down what the > > > problem is. The > > > > > grammer still seems to be unambiguous. > > > > > > > > Use "user_id" instead. Otherwise, you'll get a syntax > > > error when the > > > > token is classified as an IDENTIFIER (first match) and > the grammar > > > > says that it must be a USER_IDENTIFIER. > > > > > > Right as usual. > > > > > > > Maybe make user_id more generic as it is no longer only > used for users.. > > Just making generic would make the user related parts of the > grammar harder to read. What about this: > Fine. > Index: trunk/checkpolicy/policy_parse.y > =================================================================== > --- trunk/checkpolicy/policy_parse.y (revision 2076) > +++ trunk/checkpolicy/policy_parse.y (working copy) > @@ -605,6 +605,8 @@ > ; > user_id : identifier > | user_identifier > + ; > +dash_id : user_id > ; > user_def : USER user_id ROLES names opt_mls_user ';' > {if (define_user()) return -1;} @@ > -679,11 +681,11 @@ > genfs_contexts : genfs_context_def > | genfs_contexts genfs_context_def > ; > -genfs_context_def : GENFSCON identifier path '-' > identifier security_context_def > +genfs_context_def : GENFSCON dash_id path '-' identifier > security_context_def > {if (define_genfs_context(1)) return -1;} > - | GENFSCON identifier path '-' '-' > {insert_id("-", 0);} security_context_def > + | GENFSCON dash_id path '-' '-' > {insert_id("-", 0);} > +security_context_def > {if (define_genfs_context(1)) return -1;} > - | GENFSCON identifier path > security_context_def > + | GENFSCON dash_id path security_context_def > {if (define_genfs_context(0)) return -1;} > ; > ipv4_addr_def : number '.' number '.' number > '.' number > > > Signed-off by: Karl MacMillan <kmacmillan@xxxxxxxxxxxxxxxxx> > Acked-By: Joshua Brindle <jbrindle@xxxxxxxxxx> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
