On 04/22/2014 01:56 PM, Dominick Grift wrote: > (type foo) > (typeattribute bar) > (typeattribute baz) > (typeattributeset bar (and baz foo)) > > It compiles but neither bar, nor baz gets associated with type foo > This is because 'and' is similar to the set intersection of baz and foo. But baz is empty, so the intersection of baz and foo is nothing, resulting in nothing being added to the bar attribute. You probably want the union of baz and foo? Replacing 'and' with 'or' would make it so bar would be associated with foo and everything associated with baz. > Also, i still have that weird boolean issue where, even though sesearch > shows the rules are loaded and enabled, SELinux still blocks the access I think we actually fixed this about an hour ago. Give it a shot, let us know if it's actually fixed. Thanks for the feedback! - Steve _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
