On 04/22/2014 03:33 PM, Dominick Grift wrote: > On Tue, 2014-04-22 at 15:03 -0400, Steve Lawrence wrote: >> On 04/22/2014 01:56 PM, Dominick Grift wrote: >>> (type foo) >>> (typeattribute bar) >>> (typeattribute baz) >>> (typeattributeset bar (and baz foo)) >>> >>> It compiles but neither bar, nor baz gets associated with type foo >>> >> >> This is because 'and' is similar to the set intersection of baz and foo. >> But baz is empty, so the intersection of baz and foo is nothing, >> resulting in nothing being added to the bar attribute. >> >> You probably want the union of baz and foo? Replacing 'and' with 'or' >> would make it so bar would be associated with foo and everything >> associated with baz. > > Impressive, what i am looking for is actually very simple. > > I just want to know how i can associate more than a single type > attribute to a specified type in a single statement, that is possible. > > (type foo) > (typeattribute bar) > (typeattribute baz) > > The equivalent of: > > (typeattributeset bar foo) > (typeattributeset baz foo) > > In a single statement instead of two > Unfortunately, there is no way to associate a single type/attribute with multiple attributes in a single statement. CIL is a pretty verbose language. >>> Also, i still have that weird boolean issue where, even though sesearch >>> shows the rules are loaded and enabled, SELinux still blocks the access >> >> I think we actually fixed this about an hour ago. Give it a shot, let us >> know if it's actually fixed. > > Nice, i will try with up-to-date secilc tomorrow > >> Thanks for the feedback! >> - Steve >> >> > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
