On 02/24/12 02:12, Harry Ciao wrote: > If a role identifier is out of scope it would be skipped over during > expansion, accordingly, be it a role attribute, it should be skipped > over as well when role_fix_callback tries to propagate its capability > to all its sub-roles. > > BTW, it's worthwhile to note that the symtab and rules of an optional > block in a loadable module will be written to its pp. However, for the > base module the entire optional block will be omitted if its exterior > dependency cannot be properly satisfied. This doesn't sound correct. If optionals don't exist in the base module, then that would be a significant problem for current policy. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
