From: pebenito@ieee.org (Chris PeBenito) Date: Sun, 3 Dec 2017 16:36:37 -0500 Subject: [refpolicy] [PATCH v2 8/8] Fix regexp for templated boolean generation In-Reply-To: References: <20171128173302.16454-1-sven.vermeulen@siphos.be> Message-ID: <4a3e3dc6-5581-5bf6-8af1-17dc85d2f407@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 12/02/2017 07:42 AM, Sven Vermeulen wrote: > On Wed, Nov 29, 2017 at 2:22 AM, Chris PeBenito via refpolicy > wrote: >> Unfortunately, I'm running into compile errors. For a monolithic build >> I get: >> >> /usr/bin/checkpolicy: loading policy configuration from policy.conf >> policy/modules/contrib/cron.te:714:ERROR 'syntax error' at token 'if' on >> line 521548: >> if (use_nfs_home_dirs) { >> #line 714 >> checkpolicy: error(s) encountered while parsing configuration >> >> >> >> >> I added a commit to insert comments for else and closing brackets of >> tunable blocks, but I couldn't see what the problem was. > > I now get the same issue with modular builds as well (the other build > error was due to a typo, my bad for not running sufficient testing, > I'm now doing the various builds beforehand), and would like to get > more deep into this before sending out v3 (which will also include a > fix for a case where not all arguments were processed correctly). > > When you say "I added a commit to insert comments", do you mean inside > the policy/support/loadable_module.spt's tunable_policy declaration? Yes. > Is there perhaps a maximum depth of tunable_policy() chains that I > might be hitting? Since tunables are implemented as if blocks, they can't be nested. So the max depth is 1. -- Chris PeBenito