On Thu, 2011-09-15 at 15:54 -0400, Daniel J Walsh wrote: > From f2a839faa71dac0bc575615bfe0aafca94a00892 Mon Sep 17 00:00:00 2001 > From: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx> > Date: Thu, 1 Sep 2011 11:29:47 +0800 > Subject: [PATCH 51/67] libsepol: Preserve tunables when required by > semodule > program. > > If the "-P/--preserve_tunables" option is set for the semodule > program, > the preserve_tunables flag in sepol_handle_t would be set, then all > tunables > would be treated as booleans by having their TUNABLE flag bit cleared, > resulting in all tunables if-else conditionals preserved for raw > policy. > > Note, such option would invalidate the logic to double-check if > tunables > ever mix with booleans in one expression, so skip the call to assert() > when this option is passed. > > Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx> > Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> > --- > libsepol/src/expand.c | 36 ++++++++++++++++++++++++------------ > 1 files changed, 24 insertions(+), 12 deletions(-) Hello Dan. The new option seems not fully enabled yet by parsing the option and setting the preserve_tunables flag appropriately in main(). Is it going to be enabled elsewhere ? Guido -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
