On Thu, Apr 18, 2019 at 6:27 AM jwcart2 <jwcart2@xxxxxxxxxxxxx> wrote:
>
> On 4/17/19 12:37 PM, Gary Tierney wrote:
> > These changes come from a report by a user on the Freenode IRC channel that
> > they were unable to build policies for a machine that has an older version of
> > libsepol installed.
> >
> > A new `-c` option that mirrors checkpolicy's own has been added to checkmodule,
> > and the output of a simple test is shown below:
> >
> > $ cat > test.te <<EOF
> > module test 1.0;
> >
> > require {
> > type domain;
> > type file_type;
> > class file { read write };
> > }
> >
> > allow domain file_type : file { read write };
> > EOF
> > $ obj/usr/bin/checkmodule -m -M -c 10 -o test.mod test.te
> > $ checkpolicy/test/dismod test.mod
> > Reading policy...
> > ... snip ...
> > Binary policy module file loaded.
> > Module name: test
> > Module version: 1.0
> > Policy version: 10
> >
> > Worthy of note, however, is that these policy version numbers differ from those
> > used by the kernel policy format.
> >
> > Gary Tierney (2):
> > checkmodule: add support for specifying module policy version
> > dismod: print policy version of loaded modules
> >
> > checkpolicy/checkmodule.8 | 5 ++++-
> > checkpolicy/checkmodule.c | 29 +++++++++++++++++++++++++++--
> > checkpolicy/test/dismod.c | 4 ++--
> > 3 files changed, 33 insertions(+), 5 deletions(-)
> >
>
> Acked-by: James Carter <jwcart2@xxxxxxxxxxxxx>
James there's a superfluous newline between strtol() and errno.
>
> --
> James Carter <jwcart2@xxxxxxxxxxxxx>
> National Security Agency
