So many lists so little time ... I'll post to the refpolicy list next time. Simply adding: gen_require(` type null_device_t; ') did the trick. On Mon, Jun 8, 2015 at 8:11 AM, Christopher J. PeBenito <cpebenito@xxxxxxxxxx> wrote: > On 6/5/2015 4:28 PM, Ted Toth wrote: >> I tried to use "refpolicywarn(`$0($*) has been deprecated.')" in a >> deprecated interface removing all of the previously defined policy. >> However the interface is used in an 'optional' which then causes the >> policy compilation to fail. What is the right way to handle this >> situation? > > This should go to the refpolicy list. > > Refpolicywarn is an m4 macro, so it doesn't result in any policy. If > you have an optional block with only one call to an interface that only > has a refpolicywarn in its implementation, it will result in an optional > with no rules inside. > > We handle this in refpolicy by calling the new interface, e.g. if > interface X is being replaced by interface Y, in the implementation of X > we put a refpolicywarn message and call Y. If there is no new > interface, you could put safe placeholder rules, such as a call to > dev_rw_null(). > > > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
