From: jwcart2@tycho.nsa.gov (James Carter)
Date: Wed, 25 Aug 2010 10:00:14 -0400
Subject: [refpolicy] [m4-isms patch 1/6] Remove genfscon rule in selinux.if
In-Reply-To: <4C751198.7000302@tresys.com>
References: <1282679433.14992.31.camel@moss-lions.epoch.ncsc.mil> <4C751198.7000302@tresys.com>
Message-ID: <1282744814.25778.6.camel@moss-lions.epoch.ncsc.mil>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2010-08-25 at 08:50 -0400, Christopher J. PeBenito wrote:
> On 08/24/10 15:50, James Carter wrote:
> > This is obviously not a solution. The problem here is that m4 is being
> > used to perform string concatenation. The argument, which is a boolean,
> > is not being used like a boolean and this is a problem when you are
> > inferring data types.
> >
> > The interface is not being used, so ignoring it doesn't cause a problem
> > for now.
>
> If I'm not mistaken, Dan uses this in the Fedora policy. We've also
> used this in internal Tresys projects.
>

I was afraid that someone was using it. I guess we will have to support
some sort of string concatenation in CIL.

> > ---
> > policy/modules/kernel/selinux.if | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
> > index f8b357c..c1d0d98 100644
> > --- a/policy/modules/kernel/selinux.if
> > +++ b/policy/modules/kernel/selinux.if
> > @@ -40,7 +40,7 @@ interface(`selinux_labeled_boolean',`
> >
> > # because of this statement, any module which
> > # calls this interface must be in the base module:
> > - genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> > + #genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)
> > ')
> >
> > ########################################
> >
> >

--
James Carter
National Security Agency
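
Review bot: In the selinux.if hunk, the two context comment lines directly above the changed line ("because of this statement, any module which calls this interface must be in the base module:") go stale once the genfscon rule is commented out, and any caller of selinux_labeled_boolean silently stops getting a label on /booleans/$2 with no build-time signal. Since the reply in this thread says the interface is used in the Fedora policy and in Tresys projects, a commented-out rule means those booleans fall back to whatever default selinuxfs label applies, which changes who can set them. If the rule cannot stay, it would be safer to delete it together with the stale comment and mark the interface as deprecated in its documentation block, so callers see that the labeling no longer happens rather than discovering it from an access-control change.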