Re: CIL compiler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Steve,

Please find attached the 'optional' problem code. There is a README in the tarball + all the modules.

Thanks for your help.
Richard

--- On Thu, 15/9/11, Steve Lawrence <slawrence@xxxxxxxxxx> wrote:

> From: Steve Lawrence <slawrence@xxxxxxxxxx>
> Subject: Re: CIL compiler
> To: "Richard Haines" <richard_c_haines@xxxxxxxxxxxxxx>
> Cc: selinux@xxxxxxxxxxxxx
> Date: Thursday, 15 September, 2011, 18:48
> On 09/15/2011 12:21 PM, Richard
> Haines wrote:
> > Thanks for the Initial SID fix. It works fine.
> > 
> > I've been experimenting with CIL using a basic base
> policy (similar to mdp) and blocks to build binary policy
> files. I've checked these with apol and loaded them with
> only two issues found so far:
> 
> Great! We love to get feedback.
> 
> > 1) The 'booleanif' does not expand the AV or TYPE
> rules into the binary. apol does not list anything under
> 'Conditional Expressions' and the policy will not load.
> 
> Yes, we discovered that issue this week, and believe we
> have a fix, but
> are unsure if it's the 'right' fix. Hopefully, we'll have
> this resolved
> soon.
> 
> > 2) The 'optional' sections are not expanded into the
> binary when the dependencies are resolved. The policy is
> still loadable.
> 
> This seems to work correctly for me. Can you provide the
> CIL code you're
> using that's not working?
> 
> > I also notice that as the CIL dev team work through
> the changes, the policy requirements change slightly. For
> example the allow rule format changed because of the
> permission set changes and the roles for object_r need to be
> fully defined. These are not an issue - just noting them in
> case others are testing CIL as well.
> 
> Yes, the language is still somewhat in flux so some things
> will break.
> When we do a release we'll give a full list of what
> changed. But if
> you're playing with the latest and greatest from git,
> things might break
> without warning. We'll try to keep the wiki up to date with
> the current
> git repo though, so that should be a source of what's new
> (the
> permission set changes haven't made it to the wiki yet,
> though). If you
> notice anything missing, please let us know and we'll make
> sure we get
> it fixed.
> 
> Thanks,
> - Steve
>

Attachment: optional-bug.tar.gz
Description: GNU Zip compressed data

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux