On 08/23/2013 11:05 AM, Richard Haines wrote:
> Thanks for the bad news, anyway I've been trying the classmap / classmapping
> and not sure if this is a bug or another change. The sample I've been using
> is (I just modified the test policy):
>
> (classmap files_rw (read write))
> (classmapping files_rw read (file (open read getattr)))
> (classmapping files_rw write
>     (file (execute_no_trans entrypoint execmod open audit_access))
>     (file (open write setattr)))
>
> However the results vary between your version and the Tresys version as
> follows:
>
> secil from git clone http://oss.tresys.com/git/cil.git cil
> allow policy.console_t policy.t_1 : policy.file { write setattr execute_no_trans entrypoint execmod open audit_access } ;
> allow policy.console_t policy.t_2 : policy.file { read getattr open } ;
>
> secil from git clone https://jwcarter@xxxxxxxxxxxxx/jwcarter/secilc.git
> allow policy.console_t policy.t_1 : policy.file { execute_no_trans entrypoint execmod open audit_access } ;
> allow policy.console_t policy.t_2 : policy.file { read getattr open } ;
>
> I think the Tresys version is correct (well I hope so)

The Tresys version is correct. This is a bug. I will take a look at it.

Thanks for the report.

Jim

--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
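
The discrepancy reported in this thread can be checked mechanically. The following is an added example, not code from either CIL compiler or from the posters: it expands the classmapping statements from the report as the union of their permission sets (the behaviour confirmed as correct above) and diffs that against each emitted allow rule. It assumes the policy.t_1 rule is the one generated from `files_rw write`, which is inferred from the outputs because the test policy's allow statements are not shown; the function and constant names are hypothetical.

```python
import re

# Classmap statements and t_1 allow rules copied from the report above.
POLICY = """
(classmap files_rw (read write))
(classmapping files_rw read (file (open read getattr)))
(classmapping files_rw write
    (file (execute_no_trans entrypoint execmod open audit_access))
    (file (open write setattr)))
"""
TRESYS_T1 = ("allow policy.console_t policy.t_1 : policy.file { write setattr "
             "execute_no_trans entrypoint execmod open audit_access } ;")
SECILC_T1 = ("allow policy.console_t policy.t_1 : policy.file { "
             "execute_no_trans entrypoint execmod open audit_access } ;")

def parse_sexprs(text):
    """Parse CIL-style s-expressions into nested Python lists."""
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            done = stack.pop()
            if not stack:
                raise ValueError("unbalanced ')'")
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def expand(policy):
    """Return {(classmap, map_perm): {class: perms}}, unioning every listed set."""
    out = {}
    for stmt in parse_sexprs(policy):
        if stmt[0] != "classmapping":
            continue
        _, cmap, perm, *permsets = stmt
        classes = out.setdefault((cmap, perm), {})
        for cls, perms in permsets:  # each entry is (class (perm ...))
            classes.setdefault(cls, set()).update(perms)
    return out

def missing(policy, cmap, perm, cls, rule):
    """Permissions the mapping requires that the emitted allow rule lacks."""
    emitted = set(re.search(r"\{([^}]*)\}", rule).group(1).split())
    return expand(policy)[(cmap, perm)][cls] - emitted
```

Calling `missing(POLICY, "files_rw", "write", "file", SECILC_T1)` returns the permissions from the second `(file ...)` set that the secilc output lacks, while the Tresys rule yields an empty set.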