Most of the libapol/libqpol changes are based on the current structure for adding new statements etc. Likewise for the tcl/tk. The only two areas I had problems were: 1) libsefs/src/new_ftw.c - This area caused the apol and indexcon to hang when broken links found. I could not understand why the code was there so just did a kludge: -#if ! _LIBC && ! LSTAT_FOLLOWS_SLASHED_SYMLINK +/* If this is used on Linux (Fedora) when a sym link or file is broken, + the file context function will hang forever: + #if ! _LIBC && ! LSTAT_FOLLOWS_SLASHED_SYMLINK + Therefore changed to this so uses Linux lstat function. */ +#if _LIBC && ! LSTAT_FOLLOWS_SLASHED_SYMLINK 2) When coding the iter functions in libqpol (e.g. qpol_policy_get_default_object_iter) I could not see how this worked so I just used the base object count (e.g. number of classes - as these held the default object_items), and then counted each default_object in top.tcl to arrive at the actual number of default_objects. I did the same for userbounds etc. Richard ----- Original Message ----- From: Steve Lawrence <slawrence@xxxxxxxxxx> To: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>; selinux@xxxxxxxxxxxxx; setools-bugs@xxxxxxxxxx Cc: Sent: Tuesday, 8 April 2014, 18:51 Subject: Re: [PATCH 0/4] APOL Enhancements to support additional policy features On 04/08/2014 10:52 AM, Richard Haines wrote: > These four patches will update setools-3.3.8.tar.bz2 available from > http://oss.tresys.com/projects/setools/wiki/download > Thanks for the patchset! We would love to have apol updated to support the latest toolchain better. Just a heads up though, this is a pretty sizable patchset with some pieces I'm not too familiar with (i.e. tcl), and I'll be on vacation next week, so it might take 2-3 weeks before we can fully review this and merged it into setools. Thanks! - Steve
