On the subject of language inconsistencies:
One thing that I frequently find myself doing wrong is nesting the
various types of blocks. IIRC, you can nest a tunable policy inside an
optional block, but not vice versa. I understand why -- one is resolved
at policy compile time and the other at run time -- but just from a
policy language perspective it seems inconsistent.