On 06/29/2015 09:56 AM, Dominick Grift wrote: > On Mon, Jun 29, 2015 at 09:29:34AM +0200, Miroslav Grepl wrote: >> Trying to make sandbox working using CIL but I see it does not >> support typeinherit statement. > > One of those features that really define CIL but that is currently > not available or fully working yet. > > My suggestion is to study the "cilpolicy" (which is really just a > snapshot of reference policy transformed to cil with hll i > believe) > > This will give you some pointers as to how to create an alternative > implementation that achieves a similar result. > > When you write CIL policy, there are some "bugs" to take into > account and to workaround. > Sure there are different ways how to write it. I just wanted to combine it with the current Fedora policy as much as possible without re-writing the current Fedora policy. >> >> -- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red >> Hat, Inc. _______________________________________________ Selinux >> mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to >> Selinux-leave@xxxxxxxxxxxxx. To get help, send an email >> containing "help" to Selinux-request@xxxxxxxxxxxxx. > > > > _______________________________________________ Selinux mailing > list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to > Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing > "help" to Selinux-request@xxxxxxxxxxxxx. > -- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
