-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/29/2013 09:06 AM, Stephen Smalley wrote:
> On 10/28/2013 03:52 PM, Daniel J Walsh wrote:
>> This patch allows sepolgen to also display the constraint information.
>> This patch looks good to me. acked.
>
> Patches 1-3 applied on master. Patches 4-9 applied on a separate
> constraintnames branch for further review/testing and to await the updated
> kernel patch.
>
> I suspect we'll need to go ahead and add the module version anyway just to
> avoid breaking compatibility? Not optimal but I don't think we want
> upstream SELinux userspace build to break a Fedora 19/20 box, or to reuse
> the version number down the road for something completely different.
> Unless you are going to push an update to 19 and 20 that will downgrade all
> modules to the prior version (what could possibly go wrong?).
>
>
> -- This message was distributed to subscribers of the selinux mailing
> list. If you no longer wish to subscribe, send mail to
> majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes
> as the message.
>
Well here is the patch for this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJv0IAACgkQrlYvE4MpobPzOgCg64w/kYLGklld3bT3nSEF3qXe
nwAAni97VHxOOjoumeexTx2yhzWy3uqR
=9Vop
-----END PGP SIGNATURE-----
>From bb5e712521dffdb89b383e5d9df600c2123f36cf Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Mon, 28 Oct 2013 14:11:15 -0400
Subject: [PATCH 11/16] Update version of policy file to match what was shipped
since Fedora 19
---
libsepol/include/sepol/policydb/policydb.h | 3 ++-
libsepol/src/policydb.c | 14 ++++++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
index 99b66d1..fd14a9e 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -705,9 +705,10 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
#define MOD_POLICYDB_VERSION_TUNABLE_SEP 14
#define MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS 15
#define MOD_POLICYDB_VERSION_DEFAULT_TYPE 16
+#define MOD_POLICYDB_VERSION_CONSTRAINT_NAMES 17
#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_DEFAULT_TYPE
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_CONSTRAINT_NAMES
#define POLICYDB_CONFIG_MLS 1
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index ab712c3..8c7efbc 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -263,6 +263,13 @@ static struct policydb_compat_info policydb_compat[] = {
.target_platform = SEPOL_TARGET_SELINUX,
},
{
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ .target_platform = SEPOL_TARGET_SELINUX,
+ },
+ {
.type = POLICY_MOD,
.version = MOD_POLICYDB_VERSION_BASE,
.sym_num = SYM_NUM,
@@ -353,6 +360,13 @@ static struct policydb_compat_info policydb_compat[] = {
.ocon_num = 0,
.target_platform = SEPOL_TARGET_SELINUX,
},
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_CONSTRAINT_NAMES,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0,
+ .target_platform = SEPOL_TARGET_SELINUX,
+ },
};
#if 0
--
1.8.3.1
