Stephen Smalley <sds@xxxxxxxxxxxxx> writes:

> On 1/26/20 5:57 AM, Petr Lautrbach wrote:
>>
>> Stephen Smalley <sds@xxxxxxxxxxxxx> writes:
>>
>>> libsepol carried its own (outdated) copy of flask.h with the generated
>>> security class and initial SID values for use by the policy
>>> compiler and the forked copy of the security server code
>>> leveraged by tools such as audit2why. Convert libsepol and
>>> checkpolicy entirely to looking up class values from the policy,
>>> remove the SECCLASS_* definitions from its flask.h header, and move
>>> the header with its remaining initial SID definitions private to
>>> libsepol. While we are here, fix the sepol_compute_sid() logic to
>>> properly support features long since added to the policy and kernel,
>>> although there are no users of it other than checkpolicy -d (debug)
>>> and it is not exported to users of the shared library. There
>>> are still some residual differences between the kernel logic and
>>> libsepol.
>>>
>>> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>>
>>
>> The only problem I found running tests on this is related to SETools
>> https://github.com/SELinuxProject/selinux/pull/200#issuecomment-577745225
>>
>> Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
>
> Thanks. I guess the question is whether we should wait to merge it until
> setools has a corresponding fix ready or go ahead.

https://github.com/SELinuxProject/setools/issues/39

Let's wait until there's a response from Christopher.

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments