On Tue, 2008-12-02 at 08:26 -0600, Joe Nall wrote: > On Nov 23, 2008, at 9:35 PM, Joe Nall wrote: > > > > > On Oct 22, 2008, at 9:32 AM, Stephen Smalley wrote: > > > >> On Wed, 2008-10-22 at 10:28 -0400, Stephen Smalley wrote: > >>> On Wed, 2008-10-22 at 09:26 -0500, Joe Nall wrote: > >>>> On Oct 22, 2008, at 9:01 AM, Stephen Smalley wrote: > >>>> > >>>>> I did notice however that I could also get it to build w/o > >>>>> changing checkmodule by reversing the order of the interface calls > >>>>> there > >>>>> - not sure if that workaround is usable in the original case that > >>>>> triggered this bug report. > >>>> > >>>> > >>>> Arranging modules in the proper order becomes increasingly > >>>> difficult > >>>> as module interaction grows. I finally de-optioned the X policy in > >>>> fedora since it is in base so get our additions to compile. Patch > >>>> included for reference. > >>>> > >>>> Making the compiler gracefully deal with options would really be > >>>> appreciated. I could see the issue in the compiler code, but the > >>>> right > >>>> fix wasn't obvious. > >>> > >>> Does the patch I posted fix your problem? > >> > >> And by fix, I mean not only does it allow you to build the policy but > >> does it yield the expected final kernel policy (i.e. look at the > >> policy.N file via apol and check that you are getting the expected > >> types > >> and rules in the final policy). > > > > I added your patch and Eamon's patch (not sure I needed Eamons's > > patch). > > I can definitely build the policy now. > > The types appear to be correct in apol and seinfo. It works as > > expected in enforcing. > > It does need Eamon's patch. Any chance to test this on your end? I'm confused by that. Eamon's patch shouldn't be necessary if my patch was applied. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
