Re: audit2allow -R


 



On Fri, 2008-04-25 at 15:28 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Stephen Smalley wrote:
> > Per the man page, audit2allow -R is supposed to be the default.
> > And the code says:
> >         parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
> >                           default=True, help="generate refpolicy style output")
> > 
> > which seems to confirm that.  But running audit2allow w/o -R does not
> > generate interface calls.
> > 
> > On the next line, we have the opposite option:
> >         parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy",
> >                           default=False, help="do not generate refpolicy style output")
> > 
> > I'm wondering if the default= value there is clobbering the prior one
> > and needs to get updated too if we actually want this to be the default.
> > 
> > But before we do that, do we truly want to make it the default?  How
> > confident are we in the interface matching?
> > 
> > 
> I do not think we want it the default.  I have seen several times where
> it gives back some bizarre interface.   Usually because we don't have a
> good match.

Ok, so we should change the man page then.

-- 
Stephen Smalley
National Security Agency
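
The default-clobbering question raised in the quoted message, as an added example that is not part of the original thread or of the audit2allow source: in Python's optparse, options that share a `dest` share one defaults entry, and the last `add_option` call that passes `default=` sets it. The function names are hypothetical; the two option definitions are copied from the quoted lines.

```python
from optparse import OptionParser


def quoted_parser():
    """Parser built the way the quoted audit2allow lines build it."""
    parser = OptionParser()
    parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
                      default=True, help="generate refpolicy style output")
    # Same dest as -R: this default=False overwrites the default=True above.
    parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy",
                      default=False, help="do not generate refpolicy style output")
    return parser


def single_default_parser(refpolicy_default):
    """Same two flags, with the shared default declared exactly once."""
    parser = OptionParser()
    parser.add_option("-R", "--reference", action="store_true", dest="refpolicy",
                      help="generate refpolicy style output")
    parser.add_option("-N", "--noreference", action="store_false", dest="refpolicy",
                      help="do not generate refpolicy style output")
    # One place to change if the documented default changes.
    parser.set_defaults(refpolicy=refpolicy_default)
    return parser


def refpolicy_for(parser, argv):
    """Return the parsed value of options.refpolicy for a given argv list."""
    options, _args = parser.parse_args(argv)
    return options.refpolicy


if __name__ == "__main__":
    for argv in ([], ["-R"], ["-N"]):
        print("quoted parser", argv, "->", refpolicy_for(quoted_parser(), argv))
    for default in (True, False):
        print("single default", default, "->",
              refpolicy_for(single_default_parser(default), []))
```

With the quoted definitions, running without `-R` yields `refpolicy == False`, which matches the observation that no interface calls are generated unless `-R` is given.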

