Christopher Pardy wrote:
Patch for semodule command
semodule -B
Will now turn on dontaudit rules
semodule -DB
Will turn off dontaudit rules.
With other patch all other semanage commands will maintain state.
Created by Dan Walsh
Signed-off-by: Christopher Pardy<cpardy@xxxxxxxxxx>
---
semodule/semodule.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff -up policycoreutils-2.0.64/semodule/semodule.c~ policycoreutils-2.0.64/semodule/semodule.c
--- policycoreutils-2.0.64/semodule/semodule.c~ 2009-06-23 15:36:25.000000000 -0400
+++ policycoreutils-2.0.64/semodule/semodule.c 2009-07-01 13:34:42.027229000 -0400
@@ -417,8 +418,10 @@ int main(int argc, char *argv[])
printf("Committing changes:\n");
if (no_reload)
semanage_set_reload(sh, 0);
- if (build)
+ if (build) {
+ semanage_set_disable_dontaudit(sh, 0);
semanage_set_rebuild(sh, 1);
+ }
if (disable_dontaudit)
semanage_set_disable_dontaudit(sh, 1);
result = semanage_commit(sh);
I don't like this, it is non-obvious. Eg., if set dontaudit and rebuild it will
first set disable_dontaudit to 0 and then immediately after set it to 1. Can you
rework these if statements to make it more obvious what is going on?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
