Eric Paris wrote:
> So I started playing with poliycaps today and it just isn't compiling.
> And lets start off by saying I haven't seen lex or yacc in years. And
> could be so far off base here it is unbelievable. Here is my module:
>
> ****
> module capabilities 0.0.1;
>
> policycap network_peer_controls;
> policycap open_perms;
> ****
>
> First thing someone is going to say is that these only work in the
> base
> module, which is all fine and good, I'm not talking about these
> actually
> doing anything, I'm talking about these just getting through the
> compiler. So don't bring that up yet out of the blue. Here's what I
> get:
The compiler parses the base module differently from the other modules.
policy : base_policy
| module_policy
;
Since the policycap directive is only valid in the base module you get
a syntax error when using them in a module.
There was a long discussion about policycaps in modules and why it
would be unsafe to allow them there. The upshot of which was they
were restricted to base.
- todd
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
