On 04/08/2016 11:02 AM, James Carter wrote:
Since CIL treats files as modules and does not have a separate
module statement it can cause confusion when a Refpolicy module
has a name that is not the same as its base filename because older
SELinux userspaces will refer to the module by its module name while
a CIL-based userspace will refer to it by its filename.
Because of this, provide a warning message when converting a policy
package to CIL and fail when compiling a module if the output base
filename is different than the module name.
Changes from v1:
- Added a "Warning:" prefix
- Removed checks against the input filename
- Since there are now only two checks and the base filename is used in the
warning message, it no longer made sense to create common helper functions
in libsepol.
Changes from v2:
- Check if strdup() returns NULL
- Have checkmodule fail rather than give a warning
James Carter (2):
policycoreutils/hll/pp: Warn if module name different than output
filename
checkpolicy: Fail if module name different than output base filename
checkpolicy/checkmodule.c | 20 ++++++++++++++++++++
policycoreutils/hll/pp/pp.c | 33 +++++++++++++++++++++++++++++----
2 files changed, 49 insertions(+), 4 deletions(-)
Seeing no other comments or objections.
Merged.
--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
