On Nov 23, 2008, at 9:35 PM, Joe Nall wrote:
On Oct 22, 2008, at 9:32 AM, Stephen Smalley wrote:
On Wed, 2008-10-22 at 10:28 -0400, Stephen Smalley wrote:
On Wed, 2008-10-22 at 09:26 -0500, Joe Nall wrote:
On Oct 22, 2008, at 9:01 AM, Stephen Smalley wrote:
I did notice however that I could also get it to build w/o
changing checkmodule by reversing the order of the interface calls
there
- not sure if that workaround is usable in the original case that
triggered this bug report.
Arranging modules in the proper order becomes increasingly
difficult
as module interaction grows. I finally de-optioned the X policy in
fedora since it is in base so get our additions to compile. Patch
included for reference.
Making the compiler gracefully deal with options would really be
appreciated. I could see the issue in the compiler code, but the
right
fix wasn't obvious.
Does the patch I posted fix your problem?
And by fix, I mean not only does it allow you to build the policy but
does it yield the expected final kernel policy (i.e. look at the
policy.N file via apol and check that you are getting the expected
types
and rules in the final policy).
I added your patch and Eamon's patch (not sure I needed Eamons's
patch).
I can definitely build the policy now.
The types appear to be correct in apol and seinfo. It works as
expected in enforcing.
It does need Eamon's patch. Any chance to test this on your end?
joe
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
