Thanks for the updated CIL that has many useful fixes, however I notice that you removed the "permissionset" statement. Is this to be dropped altogether or just in your version (I've got lots in my test policy so thought I would ask before I change them all).
Richard
From: James Carter <jwcart2@xxxxxxxxxxxxx>
To: SELinux List <selinux@xxxxxxxxxxxxx>
Cc: Steve Lawrence <slawrence@xxxxxxxxxx>
Sent: Monday, 29 July 2013, 18:36
Subject: Common Intermediate Language (CIL) Update
The CIL compiler, secilc, is now able to create MLS, MCS, and non-MLS binary policies from a slightly modified version of Refpolicy that has been converted to CIL.
Anyone interested in trying CIL out can do the following:
1) Clone the CIL compiler and cilpolicy
git clone https://jwcarter@xxxxxxxxxxxxx/jwcarter/secilc.git
git clone https://jwcarter@xxxxxxxxxxxxx/jwcarter/cilpolicy.git
2) Build secilc
cd secilc
make
cd ..
3) Build cilpolicy
./secilc/secilc `cat cilpolicy/LISTING`
To build an MLS policy:
Edit "cilpolicy/mls_declarations" and change "(tunable enable_mls false)" to "(tunable enable_mls true)"
Build the MLS policy: ./secilc/secilc -M `cat cilpolicy/LISTING`
MCS is similar.
Anyone interested in trying to create their own CIL policy from Refpolicy can clone the Flask Policy Parser (fpp) from bitbucket and follow the instructions in the README. To clone fpp:
git clone https://jwcarter@xxxxxxxxxxxxx/jwcarter/fpp.git
-- James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
