Stephen do you have any thoughts on me stealing another flag to specify maybe 'has_unknown'? Then we can only print a message if there is an unknown permission? I could probably also to the printing in the validate_classes loop and not have to carry a flag. dwlash also suggested SELinux: policy loaded with allowing unknown accesses. probably a bit less cryptic. If we like the idea of not printing the message except when relevant I'll make both changes... -Eric On 12/31/07, Eric Paris <eparis@xxxxxxxxxx> wrote: > It means that if you kernel has defined classes and permissions which > the policy doesn't know about those security checks will be 'allowed'. > Aka if you update your kernel and not your policy 'hopefully' it won't > break stuff. > > -Eric > > On Mon, 2007-12-31 at 11:46 -0500, Daniel J Walsh wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > SELinux: policy loaded with handle_unknown=allow > > > > > > Have no idea what this means. > > > > Dan > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.8 (GNU/Linux) > > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > > > iEYEARECAAYFAkd5HPYACgkQrlYvE4MpobOkCACfT4kNc5CYsw4rtEDokk5RdXwO > > 0/YAn0RbSbhQaEY7ytMcLWKIvQrt7qj5 > > =JH78 > > -----END PGP SIGNATURE----- > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
