On Thu, 2014-05-01 at 15:24 +0200, Dominick Grift wrote: Whoops sorry... Its called by an unused type attribute Sorry for the noise > On Thu, 2014-05-01 at 08:57 -0400, Steve Lawrence wrote: > > > > > I've tested with the pp to CIL method, Jim's cilpolicy.git, and a very > > bare bones cil policy in test/policy.cil and I cannot reproduce the > > issue you describe where dontaudit rules don't end up in the policy. The > > only thing I can think of is that you're giving the -D flag, which will > > disable dontaudits. If that's not the case, would it be possible to > > provide us your CIL files? > > Sure, I can give the whole thing: > > Here is the spec i use to build a secilc package: > > https://github.com/doverride/secilc-spec > > Here is my "work in progress" policy written in CIL: > > https://github.com/doverride/monogam > > ( it has a script in "support/" that i most of the time use to > "build/load" policy ) > > Here is the spec i use to build a "monogam" policy package: > > https://github.com/doverride/monogam-spec > > Side note: > > I am also using a custom installation of policycoreutils (without > semanage/semodule > > The spec for that is here: > > https://github.com/doverride/policycoreutils-spec > > If you look in systemd policy module ( i believe ) then youll see that i > call the term_dontaudit_use_console() which for some reason does not > make it to the policy > > seinfo shows no dontaudit rules and neither does sesearch > > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
