I am in the process of a DSSP rewrite, taking a different approach this time.

However, I encountered something that seems suboptimal: SECILC seems to not filter redundant attributes and rules.

Example: I have a type attribute and it has rules associated with it. However, the type attribute is not associated with any types.

I was hoping that SECILC would be smart enough to determine that it might as well filter both the type attribute as well as the rules associated with it.

To reproduce:

    git clone https://github.com/DefenSec/dssp1-base.git
    cd dssp1-base
    secilc `ls *.cil`
    sesearch -ASCT -s lib.ld_so.read_files_subj_type_attribute policy.30
    seinfo -xalib.ld_so.read_files_subj_type_attribute policy.30

Am I expecting the impossible by expecting SECILC to be smart enough to determine that something is redundant, and that it can be filtered out until it becomes applicable?

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
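
Added example, not part of the original post and not secilc or DSSP code: a source-level check that lists type attributes declared without any typeattributeset, together with the rules that name them as source or target. It assumes flat, valid CIL in the global namespace (no block, macro, call or blockinherit resolution, all of which a policy like dssp1-base relies on); the sample policy and its names are constructed.

```python
import re

# Constructed sample policy fragment (not taken from dssp1-base).
SAMPLE_CIL = """
(type ld_so_file)
(type init)
(typeattribute read_ld_so_subj)            ; declared, never populated
(typeattribute exec_ld_so_subj)
(typeattributeset exec_ld_so_subj (init))
(allow read_ld_so_subj ld_so_file (file (read open getattr)))
(allow exec_ld_so_subj ld_so_file (file (execute)))
"""

RULES = {"allow", "auditallow", "dontaudit", "neverallow", "typetransition"}

def parse(text):
    """Parse CIL s-expressions into nested Python lists."""
    text = re.sub(r";[^\n]*", "", text)  # drop ';' comments
    stack = [[]]
    for tok in re.findall(r"[()]|[^\s()]+", text):
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            done = stack.pop()
            stack[-1].append(done)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def empty_attribute_rules(text):
    """Map each attribute with no typeattributeset to the rules that use it."""
    stmts = [s for s in parse(text)
             if isinstance(s, list) and len(s) > 1 and isinstance(s[0], str)]
    declared = {s[1] for s in stmts if s[0] == "typeattribute"}
    populated = {s[1] for s in stmts if s[0] == "typeattributeset"}
    report = {attr: [] for attr in declared - populated}
    for s in stmts:
        if s[0] in RULES:
            for name in s[1:3]:  # source and target of the rule
                if isinstance(name, str) and name in report:
                    report[name].append(s)
    return report

if __name__ == "__main__":
    for attr, rules in empty_attribute_rules(SAMPLE_CIL).items():
        print(attr, "has no types;", len(rules), "rule(s) reference it")
```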