From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 25 Aug 2010 08:50:32 -0400
Subject: [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in
	selinux.if
In-Reply-To: <1282679433.14992.31.camel@moss-lions.epoch.ncsc.mil>
References: <1282679433.14992.31.camel@moss-lions.epoch.ncsc.mil>
Message-ID: <4C751198.7000302@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/24/10 15:50, James Carter wrote:
> This is obviously not a solution.  The problem here is that m4 is being
> used to perform string concatenation.  The argument, which is a boolean,
> is not being used like a boolean and this is a problem when you are
> inferring data types.
>
> The interface is not being used, so ignoring it doesn't cause a problem
> for now.

If I'm not mistaken, Dan uses this in the Fedora policy.  We've also 
used this in internal Tresys projects.

> ---
>   policy/modules/kernel/selinux.if |    2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> index f8b357c..c1d0d98 100644
> --- a/policy/modules/kernel/selinux.if
> +++ b/policy/modules/kernel/selinux.if
> @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
>
>          # because of this statement, any module which
>          # calls this interface must be in the base module:
> -       genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> +       #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
>   ')
>
>   ########################################
>


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com