On Fri, 2009-09-11 at 08:16 -0400, Chris PeBenito wrote:
[...]
> > What is the actual difference between require and gen_require? Is it
> > allowed to write such statements at the top of the policy or in general
> > is this good practice or not? What was the actual intention of having
> > two require statements? I guess the gen_require was especially for
> > interfaces. But which one should be used if no interface is used?
>
> gen_require() is just a require{} block. The only difference is that it
> disappears in the global scope of the base module or the global scope of
> the monolithic policy since require{} blocks are not allowed in those
> places. If you are using a loadable module, using either require{} or
> gen_require() is fine.
Ah, OK, this explains a lot. Thanks! Now I know what to do ;-)
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
