On Mon, May 04, 2015 at 11:33:06AM -0400, Steve Lawrence wrote: > > I think this might be a reset issue, with classmappings or something > related to classmappings not getting reset/re-resolved correctly. I've > noticed that with xserver.cil removed, some optional fails and causes a > re-resolve. Then when writing to the binary, the allow rule mentioned > ends up with all perms being empty, and so the allow rule is never added. > > Note I also needed to modify EXCLUDE to exclude a handful of files due > to dependencies with xserver. I've attached that file. > Yes, indeed. My policy infrastructure support local changes though One can create an EXCLUDE.local file in the root and in there add the modules one wishes to exclude This file should not conflict with the "upstream" EXCLUDE file So EXCLUDE is used by upstream and EXCLUDE.local is for local exclusions Similarly seusers and seusers.local Basically the repository has a local and upstream side, so that one can make local changes without breaking the repository by for example updating it with git pull
Attachment:
pgp0IMQtLT1lx.pgp
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
