Stephen Smalley <sds@xxxxxxxxxxxxx> writes:

> On 1/29/20 7:52 AM, Petr Lautrbach wrote:
>> Stephen Smalley <sds@xxxxxxxxxxxxx> writes:
>>
>>> On 1/26/20 5:57 AM, Petr Lautrbach wrote:
>>>>
>>>> Stephen Smalley <sds@xxxxxxxxxxxxx> writes:
>>>>
>>>>> libsepol carried its own (outdated) copy of flask.h with the generated
>>>>> security class and initial SID values for use by the policy
>>>>> compiler and the forked copy of the security server code
>>>>> leveraged by tools such as audit2why. Convert libsepol and
>>>>> checkpolicy entirely to looking up class values from the policy,
>>>>> remove the SECCLASS_* definitions from its flask.h header, and move
>>>>> the header with its remaining initial SID definitions private to
>>>>> libsepol. While we are here, fix the sepol_compute_sid() logic to
>>>>> properly support features long since added to the policy and kernel,
>>>>> although there are no users of it other than checkpolicy -d (debug)
>>>>> and it is not exported to users of the shared library. There
>>>>> are still some residual differences between the kernel logic and
>>>>> libsepol.
>>>>>
>>>>> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>>>>
>>>>
>>>> The only problem I found running tests on this is related to SETools
>>>> https://github.com/SELinuxProject/selinux/pull/200#issuecomment-577745225
>>>>
>>>> Acked-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
>>>
>>> Thanks. I guess the question is whether we should wait to merge it until
>>> setools has a corresponding fix ready or go ahead.
>> https://github.com/SELinuxProject/setools/issues/39
>> Let's wait until there's a response from Christopher.
>
> setools issue has been resolved, so this should now be mergeable.

Applied, thanks.