From: ewalsh@tycho.nsa.gov (Eamon Walsh) Date: Thu, 13 Nov 2008 14:30:26 -0500 Subject: [refpolicy] (u|r)bacsep: initial testing In-Reply-To: <1224183673.21012.64.camel@gorn.columbia.tresys.com> References: <1216224735.21191.50.camel@gorn> <1224183673.21012.64.camel@gorn.columbia.tresys.com> Message-ID: <491C8052.1030506@tycho.nsa.gov> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Christopher J. PeBenito wrote: > > ping > > This is the last call. I have not heard any comments from the > community. User-based separations have finished going through vetting > interally at Tresys; I plan to finalize this and then merge it into > trunk in the next week or so unless there are any objections raised. > > This really needs to be tested by people whose projects depend on proper > role separations. > > I had to apply this patch to policy/constraints to get around a build error: Index: constraints =================================================================== --- constraints (revision 2873) +++ constraints (working copy) @@ -81,8 +81,11 @@ constrain process { sigchld sigkill sigstop signull signal ptrace getsched setsched getsession getpgid setpgid getcap setcap share getattr setrlimit } ( - basic_ubac_conditions - or t1 == ubacproc + ifdef(`enable_ubac',` + basic_ubac_conditions + or + ') + t1 == ubacproc ); constrain process { transition noatsecure siginh rlimitinh } -- Eamon Walsh National Security Agency