On Wed, 2012-05-30 at 13:15 +0100, Mr Dash Four wrote:
> > that is no recent change. that gen_tunable vs gen_bool is an old issue.
> > we currently use gen_tunable()
> >
> > not sure what gave you the impression that this is new
> >
> gen_tunable used in "old" version of policies was replaced with gen_bool
> instead, so I assumed this is something new. Same with the if ... else
> statements - to my knowledge this wasn't possible before or have I got
> this wrong as well?
>

I don't know what you mean. I did one check and it's the same as ever:

http://git.fedorahosted.org/git/?p=selinux-policy.git;a=blob;f=policy/modules/services/apache.te;h=6aa4bdcf8b8f63da32da11373aec76a89e2c4573;hb=595c8bbc1b1789e26005fe3fc74c7d99dbf65d51

example (line #23 to 30)

> ## <desc>
> ## <p>
> ## Allow Apache to modify public files
> ## used for public file transfer services, directories/files must
> ## be labeled public_content_rw_t.
> ## </p>
> ## </desc>
> gen_tunable(allow_httpd_anon_write, false)
>

i suspect that you are confusing raw policy with human readable policy

gen_tunable(allow_httpd_anon_write, false)

versus

bool httpd_anon_write false;

etc