[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Yet another role question

From: Joe Nall <joe nall com>
To: fedora-selinux-list redhat com
Subject: Yet another role question
Date: Sun, 12 Oct 2008 22:19:13 -0500

It appears that per role template expansion is disabled in the modulesshipped with fedora selinux-policy 3.5.10 but enabled for modulescompiled with the resulting policy (which uses a different Makefile).


Why is there a difference?

joe

from the policy Makefile:

# perrole-expansion modulename,outputfile
define perrole-expansion
        echo "No longer doing perrole-expansion"
#       $(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
#       $(call parse-rolemap,$1,$2)
#       $(verbose) echo "')" >> $2

# $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`">> $2# $(verbose) echo "errprint(\`Warning: per_userdomain_templateshave been renamed to per_role_templates(""$1""_per_userdomain_template)'__endline__)" >> $2

#       $(call parse-rolemap-compat,$1,$2)
#       $(verbose) echo "')" >> $2
endef

from /usr/share/selinux/devel/include/Makefile:

# peruser-expansion modulename,outputfile
define peruser-expansion
        $(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
        $(call parse-rolemap,$1,$2)
        $(verbose) echo "')" >> $2

$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`">> $2$(verbose) echo "errprint(\`Warning: per_userdomain_templateshave been renamed to per_role_templates(""$1""_per_userdomain_template)'__endline__)" >> $2

        $(call parse-rolemap-compat,$1,$2)
        $(verbose) echo "')" >> $2
endef

Follow-Ups:
- Re: Yet another role question
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]