On Mon, May 04, 2015 at 05:44:44PM +0200, Dominick Grift wrote: > On Mon, May 04, 2015 at 11:33:06AM -0400, Steve Lawrence wrote: > > > > I think this might be a reset issue, with classmappings or something > > related to classmappings not getting reset/re-resolved correctly. I've > > noticed that with xserver.cil removed, some optional fails and causes a > > re-resolve. Then when writing to the binary, the allow rule mentioned > > ends up with all perms being empty, and so the allow rule is never added. > > > > Note I also needed to modify EXCLUDE to exclude a handful of files due > > to dependencies with xserver. I've attached that file. > > > > Yes, indeed. My policy infrastructure support local changes though > > One can create an EXCLUDE.local file in the root and in there add the modules one wishes to exclude > > This file should not conflict with the "upstream" EXCLUDE file > > So EXCLUDE is used by upstream and EXCLUDE.local is for local exclusions > > Similarly seusers and seusers.local > > Basically the repository has a local and upstream side, so that one can make local changes without breaking the repository by for example updating it with git pull Running ./laptop --help explains the options a bit -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift
Attachment:
pgpLRCr5GQJb6.pgp
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
