> I've been through this duplicate declaration/out of scope issues many > times. It is one of the reason that i maintain my own policy instead of > using fedoras' policy. > I do something similar - for different machines (which have different requirements) I have prepared separate patches based on the version of the fedora policy used and I just apply them (looking for failures/hunks) when a new version of the policy is released. One of the things which annoys me no end in the fedora policy is using the scatter-gun approach and granting access to the 'generic' net/node/interface to a host of modules as well as granting access to all 'client' packets. That is fundamentally wrong imo! > Sorry, i have not tested it. > Yet, i am pretty sure it would work in my personal policy. > I'll do that tomorrow when I have the chance! -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux