On 07/10/2014 02:51 AM, Dominick Grift wrote: > On Wed, 2014-07-09 at 15:21 -0400, Steve Lawrence wrote: >> In January, we sent an RFC [1] to update userspace to integrate CIL >> [2] and source policy. And in April, we sent an updated RFC [3] which >> added support for high level languages and a tool to convert policy >> package (pp) files to CIL. After getting some good feedback, we have >> made some more changes, mostly to maintain ABI compatibility. The >> major changes made since the last patchset are: > > <snip> > > I just spent a few hours playing with this and i am impressed. > > Everything i tested just works. > > What did i test? > > 1. disabling/enabling existing modules > 2. toggling booleans with semanage > 3. adding and removing port and file contexts with semanage > 4. adding/removing a policy module with semodule, checkmodule, > semodule_package > 5. adding/removing a (cil) policy module with semodule > 6. associating a (new) user with staff_t identity > > Comments? > > if i do restorecon -R -v -F /home it resets contexts *every* time (from > s0 to s0-s0). No noticable side effects because of this > We recently pushed a fix to CIL that fixes the issue with how CIL generates file contexts. It now removes the high level if it is the same as the low level. - Steve _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
