List:       selinux
Subject:    Re: kernel flask headers
From:       "Eric Paris" <eparis () parisplace ! org>
Date:       2007-10-16 20:58:45
Message-ID: 7e0fb38c0710161358g4c35a7b4t7d6f0020b7832c0c () mail ! gmail ! com

Thanks. It's been around for a bit; I just fixed those things up by
hand when I submitted my memprotect kernel patches and every time I
played with adding stuff for my allow unknown work. I guess it's all my
fault for forgetting to say something. Sorry.

-Eric

On 10/16/07, Christopher J. PeBenito <cpebenito@tresys.com> wrote:
> On Tue, 2007-10-16 at 14:31 -0400, Stephen Smalley wrote:
> > On Tue, 2007-10-16 at 14:25 -0400, Christopher J. PeBenito wrote:
> > > On Tue, 2007-10-16 at 11:24 -0400, Christopher J. PeBenito wrote:
> > > > On Tue, 2007-10-16 at 11:11 -0400, Stephen Smalley wrote:
> > > > > On the refpolicy trunk, if you run make in refpolicy/policy/flask and
> > > > > try to use the resulting kernel headers, the kernel won't build.
> > >
> > > I fixed this in trunk, can you verify that it's correct now?
> > >
> > > > > Looks like flask.py is inserting S_(0, 0, 0) lines into av_inherit.h,
> > > > > which isn't valid in the kernel's definition of S_() there.  Should just
> > > > > omit the line altogether I would expect.
> > > >
> > > > Odd, since the script hasn't changed since March, and I thought we
> > > > verified it was putting out correct headers.
> > > >
> > > > > Also, we don't presently seem to have a way of marking common
> > > > > definitions as userspace-only and omitting them from the kernel's
> > > > > headers, so it is adding the common database definitions
> > > > > (unnecessarily).
> > > >
> > > > This should be interesting to fix, since they're not declared in
> > > > security_classes like regular classes are.
> > >
> > > I modified the script to look at which classes inherit the common and if
> > > only userspace object classes inherit it, the definition won't be
> > > included in the kernel version of av_inherit.h.
> >
> > Generates buildable headers now, but still puts the COMMON_DATABASE
> > definitions in av_permissions.h unnecessarily.
>
> Fixed.
>
> --
> Chris PeBenito
> Tresys Technology, LLC
> (410) 290-1411 x150
>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
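
The filtering rule discussed in the quoted thread, as an added example that is not part of any message here and is not refpolicy's flask.py: a common is kept for the kernel's av_inherit.h only if at least one kernel class inherits it, and a class with no common gets no line at all instead of S_(0, 0, 0). Assumptions: the input syntax and the `# userspace` marker are modelled on refpolicy's security_classes and access_vectors files, the sample classes are constructed, and the third S_() field is taken to be the first bit after the common permissions.

```python
import re

# Constructed sample input, modelled on refpolicy's policy/flask files (assumption).
SECURITY_CLASSES = """\
class file
class dir
class process
class db_table      # userspace
class db_column     # userspace
"""

ACCESS_VECTORS = """\
common file { ioctl read write }
common database { create drop getattr }
class file inherits file { execute }
class dir inherits file { add_name }
class process { fork }
class db_table inherits database { select }
class db_column inherits database { select }
"""

def parse(security_classes, access_vectors):
    """Return (userspace class names, {common: [perms]}, {class: common or None})."""
    userspace = set(re.findall(r"^class[ \t]+(\w+)[ \t]*#[ \t]*userspace", security_classes, re.M))
    commons = {name: perms.split() for name, perms in
               re.findall(r"^common\s+(\w+)\s*\{([^}]*)\}", access_vectors, re.M)}
    inherits = {cls: common or None for cls, common in
                re.findall(r"^class\s+(\w+)(?:\s+inherits\s+(\w+))?\s*\{", access_vectors, re.M)}
    return userspace, commons, inherits

def kernel_commons(userspace, inherits):
    """Commons inherited by at least one kernel class; the rest are userspace-only."""
    return {common for cls, common in inherits.items()
            if common and cls not in userspace}

def av_inherit_lines(userspace, commons, inherits):
    """S_() lines for the kernel av_inherit.h; classes with no common get no line."""
    keep = kernel_commons(userspace, inherits)
    lines = []
    for cls, common in inherits.items():
        if cls in userspace or common not in keep:
            continue  # skip the class entirely, never emit S_(0, 0, 0)
        base = 1 << len(commons[common])  # assumed: first bit after the common perms
        lines.append(f"S_(SECCLASS_{cls.upper()}, {common}, 0x{base:08x}UL)")
    return lines

if __name__ == "__main__":
    print("\n".join(av_inherit_lines(*parse(SECURITY_CLASSES, ACCESS_VECTORS))))
```

The same `kernel_commons` set can gate the common permission definitions written to av_permissions.h, which is the second omission raised in the thread.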
