Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: seref: trivial patch:
From: Serge E. Hallyn <serue_at_us.ibm.com>
Date: Fri, 10 Feb 2006 09:59:34 -0600
No, but then after I sent this out, it started failing to compile again... I clearly have some issues with stuff mysteriously staying around after make clean. Not bc it started to fail, but bc it ever succeeded. A question that's not clear in my mind - if a module, like certwatch.te, uses the apache_exec_modules() interface, should that call automatically be defined away to nothing if apache is not defined, or does that call still need to be inside of a 'optional_policy(`apache'' block? The former sounds like preferred behavior to keep policies clean, but that' not what is happening right now, judging by the otput under tmp/. For the moment I'm going back to defining all the modules I want as being part of the base policy - after all I want them always on. It's my own policy that I want to compile as modules.
> Merged. I changed the rules to use the appropriate interface and moved Thanks. On this theme, appended is a list of place which a quick set of greps shows may have the same problem: find policy/modules -name "*.fc" -exec "grep" "-Hn" 'ifdef(`[a-z]*\.te' "{}" \; policy/modules/services/mta.fc:21:#ifdef(`postfix.te', `', ` find policy/modules -name "*.if" -exec "grep" "-Hn" 'ifdef(`[a-z]*\.te' "{}" \; policy/modules/admin/su.if:235: ifdef(`xauth.te', ` policy/modules/admin/su.if:242: ifdef(`cyrus.te', ` policy/modules/admin/su.if:245: ifdef(`ssh.te', ` policy/modules/admin/sudo.if:140: ifdef(`mta.te', ` policy/modules/admin/sudo.if:145: ifdef(`pam.te', ` policy/modules/apps/gpg.if:208: ifdef(`xdm.te',` policy/modules/apps/gpg.if:322: ifdef(`xdm.te', ` policy/modules/apps/java.if:170: ifdef(`gnome.te', ` policy/modules/services/cron.if:162: ifdef(`mta.te', ` policy/modules/services/dbus.if:168: ifdef(`xdm.te', ` policy/modules/services/mta.if:138: ifdef(`qmail.te', ` policy/modules/services/mta.if:232: ifdef(`postfix.te',` policy/modules/services/ssh.if:348: ifdef(`xdm.te',` policy/modules/services/xserver.if:160: ifdef(`rpm.te', ` policy/modules/services/xserver.if:276: ifdef(`xdm.te', ` policy/modules/system/userdomain.if:478: ifdef(`xdm.te', ` policy/modules/system/userdomain.if:492: ifdef(`gnome.te', ` policy/modules/system/userdomain.if:681: ifdef(`xdm.te', ` policy/modules/system/userdomain.if:690: ifdef(`ftpd.te', ` policy/modules/system/userdomain.if:696: ifdef(`useradd.te', ` policy/modules/system/userdomain.if:725: ifdef(`syslogd.te', ` policy/modules/system/userdomain.if:928: ifdef(`xserver.te', ` policy/modules/system/userdomain.if:935: ifdef(`xdm.te', ` policy/modules/system/userdomain.if:944: ifdef(`ftpd.te', `can_tcp_connect(ftpd_t, $1_t)') policy/modules/system/userdomain.if:947: ifdef(`rshd.te', `can_tcp_connect(rshd_t, $1_t)') find policy/modules -name "*.te" -exec "grep" "-Hn" 'ifdef(`[a-z]*\.te' "{}" \; policy/modules/admin/firstboot.te:132:ifdef(`printconf.te', ` policy/modules/admin/firstboot.te:136:ifdef(`userhelper.te', ` policy/modules/admin/firstboot.te:141:ifdef(`xserver.te', ` policy/modules/admin/logrotate.te:202:ifdef(`backup.te', ` policy/modules/services/bluetooth.te:213:ifdef(`xserver.te', ` policy/modules/services/bluetooth.te:219: ifdef(`xdm.te',` policy/modules/services/cron.te:432: ifdef(`mta.te', ` policy/modules/services/portmap.te:136:ifdef(`rpcd.te',`can_udp_send(portmap_t, rpcd_t)') policy/modules/services/portmap.te:140:ifdef(`lpd.te',`can_udp_send(portmap_t, lpd_t)') policy/modules/services/remotelogin.te:176:ifdef(`alsa.te', ` policy/modules/services/samba.te:527:ifdef(`cups.te', ` policy/modules/services/squid.te:181:ifdef(`apache.te',` policy/modules/services/squid.te:185:ifdef(`winbind.te', ` policy/modules/services/ssh.te:165: ifdef(`xauth.te', ` policy/modules/services/xserver.te:454:ifdef(`rhgb.te', ` policy/modules/system/authlogin.te:247:ifdef(`xdm.te', ` policy/modules/system/init.te:699: ifdef(`xserver.te', ` policy/modules/system/selinuxutil.te:392:ifdef(`dpkg.te', ` policy/modules/system/sysnetwork.te:181: ifdef(`unconfined.te', `
thanks,
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 10 Feb 2006 - 10:59:50 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |