On Thu, 2011-08-04 at 10:52 -0400, Eric Paris wrote:
> I don't understand. Before this patch rec->validating wasn't being used
> at all and we always checked for dups. With this patch we actually pay
> attention to what the application set. As it turns out
> restorecon/fixfiles don't set the flag, but semanage fcontext does, so
> this is actually a case where the programs were right but the underlying
> library was wrong. I'm fixing the library to pay attention to the flag.
> What am I missing?

Oops, I read the patch backwards. Never mind. Technically the library
was correct in that the original meaning of validate was to validate the
contexts, but I suppose this fits with the sense of it.

--
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.