If I do:

    attribute A;
    type T1_t;
    type T2_t;
    typeattribute T2_t A;
    allow A T1_t:file read;
    neverallow T2_t T1_t:file read;

I can compile and load the corresponding module. I can even do:

    allow A T1_t:file read;
    neverallow A T1_t:file read;

without problems. I cannot do:

    allow T2_t T1_t:file read;
    neverallow A T1_t:file read;

The neverallow assertion does not find any allows that are constituted by allowing something for an attribute. Is this normal behaviour?

Ole
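The three cases in the message can be cross-checked outside the policy compiler by expanding attributes on both sides before comparing allow rules with neverallow assertions. The following is an added example, not part of the original message and not checkpolicy's code; it assumes a rule naming an attribute applies to every type carrying that attribute, and its small parser (`parse`, `expand`, `violations` are hypothetical names) handles only the statement forms used above.

```python
# Added example: attribute-aware neverallow check (not checkpolicy's code).
# Assumption: a rule naming an attribute applies to every type carrying it.
# Handles only the statement forms used in the message above.

DECLS = "attribute A; type T1_t; type T2_t; typeattribute T2_t A;"
# Constructed inputs: the three allow/neverallow pairs from the message.
CASES = {
    "allow A / neverallow T2_t": "allow A T1_t:file read; neverallow T2_t T1_t:file read;",
    "allow A / neverallow A": "allow A T1_t:file read; neverallow A T1_t:file read;",
    "allow T2_t / neverallow A": "allow T2_t T1_t:file read; neverallow A T1_t:file read;",
}

def parse(policy):
    """Return (attribute -> member types, list of allow/neverallow rules)."""
    members, rules = {}, []
    for stmt in (s.strip() for s in policy.split(";")):
        if not stmt:
            continue
        words = stmt.split()
        if words[0] == "attribute":
            members.setdefault(words[1], set())
        elif words[0] == "typeattribute":
            members.setdefault(words[2], set()).add(words[1])
        elif words[0] in ("allow", "neverallow"):
            kind, src, tgt_cls, perm = words
            tgt, cls = tgt_cls.split(":")
            rules.append((kind, src, tgt, cls, perm))
        elif words[0] != "type":
            raise ValueError("unsupported statement: " + stmt)
    return members, rules

def expand(name, members):
    """An attribute expands to its member types; a type expands to itself."""
    return members[name] if name in members else {name}

def violations(policy):
    """List (access, allow rule, neverallow rule) for every asserted-away grant."""
    members, rules = parse(policy)
    granted, hits = {}, []
    for wanted in ("allow", "neverallow"):  # collect all allows, then check assertions
        for kind, src, tgt, cls, perm in rules:
            if kind != wanted:
                continue
            text = f"{kind} {src} {tgt}:{cls} {perm}"
            for s in sorted(expand(src, members)):
                for t in sorted(expand(tgt, members)):
                    key = (s, t, cls, perm)
                    if kind == "allow":
                        granted.setdefault(key, text)
                    elif key in granted:
                        hits.append((key, granted[key], text))
    return hits
```

Under that assumption, all three constructed cases resolve to the same expanded access, `T2_t` reading `T1_t:file`, being both granted and asserted against.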