On Wed, 2010-03-03 at 10:08 -0500, Daniel J Walsh wrote: > On 03/03/2010 05:20 AM, Dominick Grift wrote: > > On 03/03/2010 12:07 AM, Russell Coker wrote: > > <snip> > > > >> How should we solve this? > >> > >> > > I Wrote a blog with my view on this issue here: > > > > http://selinux-mac.blogspot.com/2010/02/about-apachecontenttemplate.html > > > > I am also interested in other views on this. > > > > > Dominic your example would not work since it would not have rules to > handle apache content is not present. What happens to you executable. > > I am not sure this would work. > optional_policy(` > apache_cgi_domain(backuppc_admin_t, backuppc_admin_exec_t) > ',` > gen_require(` > type bin_t; > ') > typealias bin_t alias backuppc_admin_exec_t; > ') That won't work because you can't put require blocks in the else block of an optional. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
