SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [PATCH] checkpolicy: implement handling of unknown classesandpermissions This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] From: Christopher J. PeBenito <cpebenito_at_tresys.com> Date: Thu, 27 Sep 2007 09:35:02 -0400 On Fri, 2007-09-21 at 13:27 -0400, Christopher J. PeBenito wrote: > On Tue, 2007-09-18 at 15:48 -0400, Stephen Smalley wrote: > > On Thu, 2007-09-06 at 14:26 -0400, Eric Paris wrote: > > > Add a new command line options, -U (allow,reject,deny), to > > checkmodule > > > and checkpolicy which sets the handle_unknown config flag. Default > > to > > > deny unknowns which is how things have been in the past. Also add > > > dismod and dispol support. > > > > > > -Eric > > > > Thanks, merged as of checkpolicy 2.0.4. > > > > Chris/Dan: we need some way to select the flag setting for the policy > > build. The -U {allow,reject,deny} setting needs to be passed to > > checkmodule _only_ when building the base module, or to checkpolicy > > when > > building a monolithic policy. > > Here is a patch for this, I haven't committed this to trunk yet, as I'd > prefer to wait for the next stable release of the toolchain (when its > that, btw?). I committed a slightly modified version of this that won't add the -U setting unless the build.conf setting is used, for compatibility with the stable toolchain branch. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Thu 27 Sep 2007 - 14:04:31 EDT This message: [ Message body ] Next message: Joshua Brindle: "Re: [RFC PATCH v2 1/2] [SELINUX] Add a capabilities bitmap to SELinux policy version 22" Previous message: Daniel J Walsh: "Re: I am concerned about putting genhomedircon changesinlibsemanage into Fedora 8." In reply to: Christopher J. PeBenito: "Re: [PATCH] checkpolicy: implement handling of unknown classes andpermissions" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom