On Mon, Mar 21, 2022 at 10:30 AM Dominick Grift
<dominick.grift@xxxxxxxxxxx> wrote:
>
> the conditional-policy-statements chapter describes which statements
> are allowed in if statements and optional is not one of them
>
> Signed-off-by: Dominick Grift <dominick.grift@xxxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> v2: adjusts kernel_policy_language.md as well
>
> src/kernel_policy_language.md | 2 +-
> src/modular_policy_statements.md | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/kernel_policy_language.md b/src/kernel_policy_language.md
> index b7b72ce..4f01609 100644
> --- a/src/kernel_policy_language.md
> +++ b/src/kernel_policy_language.md
> @@ -262,7 +262,7 @@ within an *if/else* construct, *optional {rule_list}*, or
> | *neverallow* | Yes | Yes |Yes [^fn_kpl_3]| No | Yes | No |
> | *neverallowxperm*| Yes | Yes | Yes | No | No | No |
> | *nodecon* | Yes | Yes | No | No | No | No |
> -| *optional* | No | Yes | Yes | Yes | Yes | Yes |
> +| *optional* | No | Yes | Yes | No | Yes | No |
> | *permissive* | Yes | Yes | Yes | Yes | Yes | No |
> | *policycap* | Yes | Yes | No | No | No | No |
> | *portcon* | Yes | Yes | No | No | No | No |
> diff --git a/src/modular_policy_statements.md b/src/modular_policy_statements.md
> index e62e6ac..508d531 100644
> --- a/src/modular_policy_statements.md
> +++ b/src/modular_policy_statements.md
> @@ -190,7 +190,7 @@ Conditional Policy Statements
>
> | *if* Statement | *optional* Statement | *require* Statement |
> | ----------------------- | ----------------------- | ----------------------- |
> -| Yes | Yes | Yes |
> +| No | Yes | No |
>
> **Examples:**
>
> --
> 2.35.1
>
