Hi all I'm going through the information at https://github.com/SELinuxProject/cil/wiki to try some new things that CIL offers. One of the documented "features" is to delete rules from the final policy using the "(delete ...)" statement. However, when I try to use that, I always get the failure "Error: Unknown keyword delete". The test.cil file is pretty simple: (delete (allow sysadm_t rsync_etc_t (file (read)))) ~# semodule -i test.cil Error: Unknown keyword delete semodule: Failed! I considered that it might only work when it builds everything together with secilc, so I tried that as well: ~$ secilc -c 29 /var/lib/selinux/mcs/active/modules/400/*/cil test.cil Error: Unknown keyword delete Failed to compile cildb: -1 Perhaps this keyword is not part of the final CIL construction? That wiki page above is from before it got merged in the main userspace, but I didn't find a more up-to-date version of that information. Wkr, Sven Vermeulen _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
