On Wed, 2008-10-15 at 11:02 -0500, Joe Nall wrote: > Is it legitimate to define a type within an optional_policy within a > template? Yes. > I ask because there are a number of compile issues with policy that > look like: > > template(`wm_domain_template',` > ... > optional_policy(` > dbus_system_bus_client_template($1_wm,$1_wm_t) > # does not compile > # dbus_user_bus_client_template($1,$1_wm,$1_wm_t) > ') > ... > ') I can't reproduce this by just adding it to a random module; there are likely more factors that just the above template calls. > Looking at the checkmodule source, it looks like type declarations > declared within optionals are popped off the symbol stack in > end_optional but left in the symbol table. These symbols later fail an > is_id_in_scope test and generate an 'duplicate declaration of type/ > attribute'. > > I think this is related to: > http://oss.tresys.com/projects/refpolicy/ticket/43 > > and earlier complaints about this behavior in the X policy from Dan > and Eamon in June/July. > http://www.nsa.gov/SeLinux/list-archive/0806/thread_body18.cfm > > I'm running libsepol-2.0.33 which has the fix in the above thread. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
