On Mon, 2009-07-06 at 09:46 -0400, Stephen Smalley wrote: > I don't believe that this is right. semanage_get_disable_dontaudit() > calls sepol_get_disable_dontaudit() which will always return 0 when the > handle is first created and it cannot have been set yet since we are > only just now creating the handle. Then you'll pass that zero to > semanage_set_disable_dontaudit() and always remove the flag file on > handle creation. Not what you want. So I think that we don't need the libsepol patch at all anymore, nor do we need semanage_get_disable_dontaudit(). So all we need is the change to semanage_set_disable_dontaudit() along with the path definition in libsemanage, and the patch to semodule in policycoreutils. Re-post both patches as a series with updated description and diffstat after addressing the comments please. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
