On Mon, Dec 15, 2014 at 4:12 PM, Steve Lawrence <slawrence@xxxxxxxxxx> wrote: > Both good suggestions. I agree that it can be difficult to track down > issues. CIL diagnostics have plenty of room for improvement. > > One thing that may help, if you were not already aware, you can always > compile the pp file to CIL yourself with something like this: > > $ cat /var/lib/selinux/.../hll | bunzip2 | /usr/libexec/selinux/hll/pp > > It's not perfect, but should allow you to view the generated CIL and > figure out where the error is to help track things down. > > With all that said, I'm not sure this a blocker, and is something we'll > target to improve in the next SELinux Userspace release. Ah yes, using the /usr/libexec/selinux/hll/pp application to generate the CIL is a big help, thanks. It is indeed not blocking. Wkr, Sven Vermeulen _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
