Re: checkpolicy is broken (which is not)


 



Daniel J Walsh wrote:
<snip>>>

Well I will say that I thought the old construct did not make sense,
since we have to declare most objects in the language except for roles.


If SDS hadn't smacked it down I would have deprecated implicit role declaration in the original module compiler so it shouldn't be a surprise that I'm fine with this change. Refpolicy has always declared roles explicitly (a capability that didn't even exist before the module compiler) and if it didn't it was a refpolicy bug.

This will help to find problems in the policy also like people doing

role httpd_t types httpd_t;

Which I have seen in the past.

I just got the new toolchain to work with Fedora policy.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

