-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Stephen Smalley wrote:
> Per the man page, audit2allow -R is supposed to be the default.
> And the code says:
> parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
> default=True, help="generate refpolicy style output")
>
> which seems to confirm that. But running audit2allow w/o -R does not
> generate interface calls.
>
> On the next line, we have the opposite option:
> parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy",
> default=False, help="do not generate refpolicy style output")
>
> I'm wondering if the default= value there is clobbering the prior one
> and needs to get updated too if we actually want this to be the default.
>
> But before we do that, do we truly want to make it the default? How
> confident are we in the interface matching?
>
>
I do not think we want it the default. I have seen several times where
it gives back some bizarre interface. Usually because we don't have a
good match.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkgSMOsACgkQrlYvE4MpobOwFACePYYg9A03oDQ2M00Ia/0fm6ma
PbYAn2HWo8KZyGpsKqPhj8/p/9mdCOUt
=Mi40
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
