Re: In Fedora 23 module name defined by policy_module is being ignored


 



On 02/24/2016 11:02 AM, Miroslav Vadkerti wrote:
Hi,

In Fedora 23 the policy_module declaration is ignored and the policy module name
is taken from the module filename. This can cause confusion for the users in
some cases (same policy module declared in different files).

# cat test_noaccess.te
policy_module(policy_tools_test, 1.0)
[snip]

# make -f /usr/share/selinux/devel/Makefile
Compiling mls test_noaccess module
/usr/bin/checkmodule:  loading policy configuration from tmp/test_noaccess.tmp
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 17) to
tmp/test_noaccess.mod
Creating mls test_noaccess.pp policy package
rm tmp/test_noaccess.mod.fc tmp/test_noaccess.mod

# semodule -i test_noaccess.pp | grep noaccess
test_noaccess

If the policy_module is now being ignored, could the policy module
"compilation" print a warning about that? Or, maybe better, to generate the
module name according to the policy_module specification so we do not regress
in the behavior?


policy_module is ignored when the module is converted to CIL. It would be nice to print a warning and it might be possible to provide an option to save the module in the policy store with the module name rather than the file name, but it will take some investigation.

Jim

Thanks and best regards,
/M

--
Miroslav Vadkerti :: Senior QE / RHCSS :: BaseOS QE - Security
IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu
Phone +420 532 294 129 :: Mobile +420 773 944 252
Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx



--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
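
A pre-build check for the mismatch discussed in this thread, as an added example that is not part of either message or of the SELinux tooling: it compares the `policy_module()` name in each `.te` file with the file name and reports declared names shared by several files. The function names and output format are hypothetical, and paths are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example: find .te files whose policy_module() name differs from the
# file name (the name the thread reports the module is stored under), and
# declared names that occur in more than one file.

# Print the first policy_module() name declared in a .te file, if any.
declared_name() {
    sed -n 's/^[[:space:]]*policy_module([[:space:]]*\([A-Za-z0-9_]*\)[[:space:]]*,.*/\1/p' "$1" | head -n 1
}

# check_te_names DIR
# Emits one line per finding:
#   MISMATCH <file> declared=<name> stored_as=<file basename>
#   DUPLICATE <name> <file1> <file2> ...
# Returns 0 when nothing was found, 1 otherwise.
check_te_names() {
    dir=$1
    findings=0
    pairs=$(mktemp) || return 2
    for te in "$dir"/*.te; do
        [ -e "$te" ] || continue
        base=$(basename "$te" .te)
        name=$(declared_name "$te")
        # Files without a policy_module() line are out of scope here.
        [ -n "$name" ] || continue
        printf '%s %s\n' "$name" "$te" >> "$pairs"
        if [ "$name" != "$base" ]; then
            echo "MISMATCH $te declared=$name stored_as=$base"
            findings=1
        fi
    done
    # One declared name in several files: each file becomes its own module.
    dups=$(sort "$pairs" | awk '{ files[$1] = files[$1] " " $2; n[$1]++ }
        END { for (k in n) if (n[k] > 1) print "DUPLICATE " k files[k] }' | sort)
    rm -f "$pairs"
    if [ -n "$dups" ]; then echo "$dups"; findings=1; fi
    return "$findings"
}

# Run as: sh check_te.sh /path/to/policy/sources
if [ -n "${1:-}" ]; then
    check_te_names "$1"
fi
```
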