From: flihp@twobit.us (Philip Tricca)
Date: Thu, 11 Aug 2011 15:07:13 -0400
Subject: [refpolicy] RFC: macro expansion in monolithic policy: seusers
Message-ID: <4E442861.5000801@twobit.us>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

While playing with a monolithic policy this morning I noticed that calls to getseuserbyname were returning a strange level string ("s0-mcs_systemhigh") and breaking subsequent calls to get_default_context_with_level. The culprit turned out to be unexpanded macros in /etc/selinux/$(NAME)/seusers.

For a modular policy the source file ./config/appconfig-$(TYPE)/seusers gets run through m4, output to ./tmp, then included in the base module. For a monolithic policy, the Rules.monolithic file just copies seusers from ./config/appconfig-$(TYPE) to the destination without passing it through the m4 processor.

I was working with the 20100524 release and, if this is a bug and not my misunderstanding, it's present up to the current head of the development tree. In the attached patch I've moved the m4 processing step from the Rules.modular file to the main Makefile and fixed up the install target for seusers in Rules.monolithic.

Has it really been this long since someone's built a monolithic policy or am I missing something?

Comments from the list would be appreciated,
- Philip

-------------- next part --------------
A non-text attachment was scrubbed...
Name: seusers-build.diff
Type: text/x-diff
Size: 1881 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110811/85e90892/attachment.bin
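The symptom reported above can be checked for in an installed seusers file. The following is an added example, not part of the original message or of refpolicy: it flags entries whose range field is not a literal MLS/MCS range. The function name and sample input are constructed for illustration, and it assumes the policy uses the default s<N>/c<N> sensitivity and category names.

```python
import re

# Assumption: default sensitivity/category names (s0, c0, ...), no aliases.
_LEVEL = r"s\d+(?::c\d+(?:[.,]c\d+)*)?"
_RANGE = re.compile(rf"^{_LEVEL}(?:-{_LEVEL})?$")
# A leftover m4 macro name looks like an identifier, e.g. mcs_systemhigh.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
_LITERAL = re.compile(r"^[sc]\d+$")


def find_unexpanded_seusers(text):
    """Return (line_no, login, range, suspect_tokens) for every seusers
    entry whose range field is not a literal MLS/MCS range."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # Format: login:seuser[:range]; the range itself may contain ':'.
        fields = line.split(":", 2)
        if len(fields) < 3:
            continue  # no range field, so nothing for m4 to expand
        login, _seuser, mls_range = (f.strip() for f in fields)
        if _RANGE.match(mls_range):
            continue
        # Report identifier-like tokens that are not s<N> or c<N> literals.
        suspects = [t for t in _IDENT.findall(mls_range)
                    if not _LITERAL.match(t)]
        findings.append((line_no, login, mls_range, suspects))
    return findings


# Constructed sample: a seusers file copied without m4 processing.
SAMPLE = """\
# constructed sample, not taken from a real system
system_u:system_u:s0-mcs_systemhigh
root:root:s0-s0:c0.c1023
__default__:user_u:s0
"""

if __name__ == "__main__":
    for line_no, login, rng, suspects in find_unexpanded_seusers(SAMPLE):
        print(f"line {line_no}: {login} has range {rng!r}; "
              f"unexpanded: {suspects}")
```

Passing the contents of /etc/selinux/$(NAME)/seusers from a monolithic build to `find_unexpanded_seusers` should return an empty list once the file has been run through m4.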