Is it legitimate to define a type within an optional_policy within a
template?
I ask because there are a number of compile issues with policy that
look like:
template(`wm_domain_template',`
...
optional_policy(`
dbus_system_bus_client_template($1_wm,$1_wm_t)
# does not compile
# dbus_user_bus_client_template($1,$1_wm,$1_wm_t)
')
...
')
Looking at the checkmodule source, it looks like type declarations
declared within optionals are popped off the symbol stack in
end_optional but left in the symbol table. These symbols later fail an
is_id_in_scope test and generate an 'duplicate declaration of type/
attribute'.
I think this is related to:
http://oss.tresys.com/projects/refpolicy/ticket/43
and earlier complaints about this behavior in the X policy from Dan
and Eamon in June/July.
http://www.nsa.gov/SeLinux/list-archive/0806/thread_body18.cfm
I'm running libsepol-2.0.33 which has the fix in the above thread.
joe
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
