From: domg472@gmail.com (Dominick Grift)
Date: Tue, 18 Jan 2011 15:58:20 +0100
Subject: [refpolicy] optional_policy blocks
In-Reply-To: <1295361554.3083.8.camel@tesla.lan>
References: <1295361554.3083.8.camel@tesla.lan>
Message-ID: <4D35AA8C.5050001@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/18/2011 03:39 PM, Guido Trentalancia wrote:
> Hello !
> 
> I am trying to build and test a modified version of the git reference
> policy. It is being built of type MCS and not monolithic.
> 
> Unfortunately, it seems that for some reason all of the
> "optional_policy" blocks that are often used in TE files are not being
> compiled in.

Because optional policy does not apply to monolithic policy. All modules
are in a single module (the base module), thus all dependencies are
installed.

optional policy is used for modular policy where many modules reside in
their own policy module. This enabled you to add and remove specific
modules and introduces the issue of dependencies.

the optional policy (policy in optional policy blocks) say's if this
policy is available then use it and if its not available then ignore it.

> The modules that should trigger the optional_policy blocks are all being
> compiled and loaded...
> 
> What should I do to enable the inclusion of such blocks in the policy ?
> 
>>From searching the mailing list, I could only find out that in the past,
> the module on which the optional block depends used to be defined at the
> beginning of the optional block... But this should be deprecated now.
> 
> The optional blocks usually contain just one or more interface calls,
> such as:
> 
> optional_policy(`
>         policykit_dbus_chat(system_dbusd_t)
>         policykit_domtrans_auth(system_dbusd_t)
>         policykit_search_lib(system_dbusd_t)
> ')
> 
> where the interface calls are defined in policykit.if. This is actually
> an example from an existing part of the git reference policy.
> 
> Regards,
> 
> Guido
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk01qowACgkQMlxVo39jgT/uRgCgugiE3hqmnrf8JbLPyYB/EAt/
9vQAni6MpxtYHWwUyj6blAdPpkQGpu5f
=KC5C
-----END PGP SIGNATURE-----