On 05/21/2014 02:36 PM, James Carter wrote:
> On 05/20/2014 11:57 AM, Richard Haines wrote:
>> Just been testing the latest fix for expanding classmapping and found
>> that if the
>> classes are unique, then it works okay. If there are repeated classes
>> then I get
>> this error in the example below when the binary is being generated:
>> "Type default labeling for class binder already specified"
>>
>>
>
> OK. This has been fixed and pushed to bitbucket.
>
> I have also pushed the new syntax for classpermissionsets and
> classmappings.
>
> Class-permission sets are now declared with a classpermission statement
> and the set is defined with one or more classpermissionset statements.
>
> Example:
> (classpermission foo)
> (classpermissionset foo (file (not execute)))
> (classpermissionset foo (char (read write)))
>
>
> One or more classmapping statements are now used to define a class map
> instead of a list of class and permissions.
>
> Example:
> (classmap bar baz)

One minor correction. I think the syntax for classmap is:

(classmap bar (baz))

which allows you to define multiple classmap permissions, e.g.

(classmap bar (baz qaz raz))

> (classmapping bar baz (file (not execute)))
> (classmapping bar baz (char (read write)))
>
>
> Neither a classpermissionset nor a classmapping are now allowed to have
> a list of class and permissions.
>
> Now illegal syntax:
>
> (classpermissionset foo ((file (not execute)) (char (read write))))
>
> If anyone has suggestions on the syntax and statement names of CIL, now
> would be a good time to bring them up while we still have the
> flexibility to change things.
>
> Jim