On 05/21/2014 12:30 PM, Dominick Grift wrote:
I got a little carried away with block and in statements (to say the least) I hit a limitation were ordering of modules matters (e.g. ordering of entries in LISTING or entries fed into secilc) I order my modules in alphabetical order so for example policy/modules/systemd/systemd.cil comes after policy/modules/system/dbus for example. If i, in the dbus.cil file now want to insert some declarations in a systemd block i hit issues due to that ordering issue
I am having problems reproducing the problem. In one file, I have: (block bb (type t1) (type t2) (boolean b1 false) (tunable tun1 true) (macro m ((boolean b)) (tunableif tun1 (true (allow t1 t2 (policy.file (write)))) (false (allow t1 t2 (policy.file (execute))))) (booleanif b (true (allow t1 t2 (policy.file (read)))))) (call m (b1)) ) and in another, I have: (in bb (tunableif bb.tun1 (true (allow t2 t1 (policy.file (read write execute))))) (type t3)) The order that I send the files to secilc doesn't seem to matter. Could you give me a little bit more information on what you are doing? Thanks, Jim
If i move the systemd.cil up the stack then i can work around the ordering issue but it is a dead-end. Ordering issues suck (/me points to sidorder statement) _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
-- James Carter <jwcart2@xxxxxxxxxxxxx> National Security Agency _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
