Thanks, it's been around for a bit, I just fixed those things up by hand when I submitted my memprotect kernel patches and every time I played with adding stuff for my allow unknown work, I guess its all my fault for forgetting to say something. sorry. -Eric On 10/16/07, Christopher J. PeBenito <cpebenito@xxxxxxxxxx> wrote: > On Tue, 2007-10-16 at 14:31 -0400, Stephen Smalley wrote: > > On Tue, 2007-10-16 at 14:25 -0400, Christopher J. PeBenito wrote: > > > On Tue, 2007-10-16 at 11:24 -0400, Christopher J. PeBenito wrote: > > > > On Tue, 2007-10-16 at 11:11 -0400, Stephen Smalley wrote: > > > > > On the refpolicy trunk, if you run make in refpolicy/policy/flask and > > > > > try to use the resulting kernel headers, the kernel won't build. > > > > > > I fixed this in trunk, can you verify that its correct now? > > > > > > > > Looks like flask.py is inserting S_(0, 0, 0) lines into av_inherit.h, > > > > > which isn't valid in the kernel's definition of S_() there. Should just > > > > > omit the line altogether I would expect. > > > > > > > > Odd, since the script hasn't changed since March, and I though we > > > > verified it was putting out correct headers. > > > > > > > > > Also, we don't presently seem to have a way of marking common > > > > > definitions as userspace-only and omitting them from the kernel's > > > > > headers, so it is adding the common database definitions > > > > > (unnecessarily). > > > > > > > > This should be interesting to fix, since they're not declared in > > > > security_classes like regular classes are. > > > > > > I modified the script to look at which classes inherit the common and if > > > only userspace object classes inherit it, the definition won't be > > > included in the kernel version of av_inherit.h. > > > > Generates buildable headers now, but still puts the COMMON_DATABASE > > definitions in av_permissions.h unnecessarily. > > Fixed. > > -- > Chris PeBenito > Tresys Technology, LLC > (410) 290-1411 x150 > > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
