On 6/5/2015 4:28 PM, Ted Toth wrote: > I tried to use "refpolicywarn(`$0($*) has been deprecated.')" in a > deprecated interface removing all of the previously defined policy. > However the interface is used in an 'optional' which then causes the > policy compilation to fail. What is the right way to handle this > situation? This should go to the refpolicy list. Refpolicywarn is an m4 macro, so it doesn't result in any policy. If you have an optional block with only one call to an interface that only has a refpolicywarn in its implementation, it will result in an optional with no rules inside. We handle this in refpolicy by calling the new interface, e.g. if interface X is being replaced by interface Y, in the implementation of X we put a refpolicywarn message and call Y. If there is no new interface, you could put safe placeholder rules, such as a call to dev_rw_null(). -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
