From: harrytaurus2002@hotmail.com (HarryCiao) Date: Fri, 19 Aug 2011 01:44:57 +0000 Subject: [refpolicy] Calling typeattribute within a tunable_policy() is not allowed? In-Reply-To: <4E4D11F1.1040607@tresys.com> References: <20110813210636.GA2679@siphos.be> , <4E4D11F1.1040607@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com > > > I guess that attributes are not something that can be switched on/off > > > through a tunable. > > > > Just a side note, so far the tunable is implemented as boolean, and the > > tunable_policy macro is expanded as if-else conditionals by m4, aiming > > to define some block of rules that could be switched on/off at runtime. > > However, the tunable and tunable_policy should take effect at module > > link/expand time - if the tunable if off, then related block of rules > > would not be linked and expanded at all. > > Yes, that is the reason I created tunables. The toolchain just hasn't > implemented that support yet. CIL will have this support, but thats not > done yet. > Hi Chris, I just started to add such support for separating tunable from boolean in the toolchain, hope it would be useful for CIL as well. Thanks, Harry > -- > Chris PeBenito > Tresys Technology, LLC > www.tresys.com | oss.tresys.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110819/2e9e22f2/attachment.html