On Tue, 2014-04-22 at 15:03 -0400, Steve Lawrence wrote: > On 04/22/2014 01:56 PM, Dominick Grift wrote: > > (type foo) > > (typeattribute bar) > > (typeattribute baz) > > (typeattributeset bar (and baz foo)) > > > > It compiles but neither bar, nor baz gets associated with type foo > > > > This is because 'and' is similar to the set intersection of baz and foo. > But baz is empty, so the intersection of baz and foo is nothing, > resulting in nothing being added to the bar attribute. > > You probably want the union of baz and foo? Replacing 'and' with 'or' > would make it so bar would be associated with foo and everything > associated with baz. Impressive, what i am looking for is actually very simple. I just want to know how i can associate more than a single type attribute to a specified type in a single statement, that is possible. (type foo) (typeattribute bar) (typeattribute baz) The equivalent of: (typeattributeset bar foo) (typeattributeset baz foo) In a single statement instead of two > > Also, i still have that weird boolean issue where, even though sesearch > > shows the rules are loaded and enabled, SELinux still blocks the access > > I think we actually fixed this about an hour ago. Give it a shot, let us > know if it's actually fixed. Nice, i will try with up-to-date secilc tomorrow > Thanks for the feedback! > - Steve > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
