RE: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Dan, I didn't realize that optional_policy was for types only.


> Date: Thu, 6 Mar 2014 13:21:04 -0500
> From: dwalsh@xxxxxxxxxx
> To: swazup@xxxxxxxxxxx; mgrepl@xxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Right option_policy only covers missing types not missing interfaces. You
> need to back port the interface. It is only source code.
>
>
> On 03/06/2014 12:28 PM, Jayson Hurst wrote:
> > I had tried the following, but it still complains about the missing
> > kerberos_read_home_content call.
> >
> > optional_policy(` kerberos_rw_config(vasd_t) kerberos_use(vasd_t)
> > optional_policy(` kerberos_read_home_content(vasd_t) ') ')
> >
> >> Date: Thu, 6 Mar 2014 08:57:27 +0100 From: mgrepl@xxxxxxxxxx To:
> >> selinux@xxxxxxxxxxxxxxxxxxxxxxx CC: swazup@xxxxxxxxxxx Subject: Re: Is
> >> there a way to use newer SELinux interface calls, but still
> > compile on machines that don't have them.
> >>
> >> On 03/05/2014 10:35 PM, Jayson Hurst wrote:
> >>> I want to use the kerberos_read_home_content interface method, but it
> >>> seems to be a newer method that doesn't exist on RHEL 6.0, but it does
> >>> on RHEL 6.5. Is there a way to build a single policy that will take
> >>> advantage of this call if its there, but not fail to compile/install if
> >>> it is not?
> >> Yes, you want to use "optional_policy" block .
> >>
> >>
> > http://mgrepl.wordpress.com/2012/03/23/when-should-you-use-the-optional_policy-block-statement/
> >
> >
> >
> > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlMYvJAACgkQrlYvE4MpobO49QCfQHAruPmP0FIHi/hZpXt6upl+
> Ku4AniSEX1uZkXsDW3RmfawMW/AV6aVE
> =TriK
> -----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux