As CIL now seems to be under serious development, could I put forward a request for a new statement that would build variable length configuration file entries. This would allow policy writers to build all required configuration files to support the 'policy'. It would also allow the parameters used to be validated by the build process. Currently CIL generates the file_contexts entries using the 'filecon' statement, this method is okay for this application, however there are files that require entries with a variable number of parameters (examples: setrans.conf and seapp_contexts). What I've been trying to achieve (and failing) is to generate entries like these example seapp_contexts entries: isSystemServer=true domain=system_server.process user=_app seinfo=netclient domain=netclient_app.process type=netclient_app.log_file level=s0:c1020.c1023 A possible statement format could be: (configfileentry filename "test string with %s for %s param" (type param1) (type param2) ...) Examples: (configfileentry seapp_contexts "isSystemServer=true domain=%s" (type system_server.process)) (configfileentry seapp_contexts "user=_app seinfo=netclient domain=%s type=%s level=%s" (type netclient_app.process) (type netclient_app.log_file) (level s0:c1020.c1023)) The final process would be to assemble all entries for each configuration filename and create the file (I'm not sure about sorting order but could be left to the process that uses the config file). I've been reworking the call/macro code to achieve this but I seem to be allergic to compiler code for some reason. If it does seem a worthwhile idea I'm happy to continue but will probably require a few pointers. Richard -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
