[redhat-lspp] LSPP Development Telecon 11/28/2005 Minutes

Joy Latten latten at austin.ibm.com
Wed Dec 7 22:11:19 UTC 2005


Yes, I agree that I would like to keep the testsuite policy written in
terms of macros. I will soon begin looking into this and the best way to
do it.

Joy

On Wed, 2005-12-07 at 10:58 -0500, Stephen Smalley wrote:
> On Thu, 2005-12-01 at 11:35 -0600, Joy Latten wrote:
> > Ok, I will work on this as time permits. When completed I will send out
> > a notice.
> 
> Just FYI, I briefly tried the new audit2allow -t -r (or -m) support, and
> it didn't work well on the testsuite policy.  It is only designed to
> support conversion of local.te files previously generated using
> audit2allow, so it is limited to taking simple allow rules and
> generating the necessary module syntax.  The testsuite policy involves
> more than just simple allow rules (it includes type declarations, type
> transitions, role statements, etc), and it is written using macros
> defined in the base policy, so simply applying audit2allow -t -r to the
> testsuite .te files doesn't work.  You might be able to pre-process the
> testsuite .te files (via m4 with the necessary macro files), extract
> just the allow rules, and feed that into audit2allow -t -r to generate
> the requires statements, but you'd still need to put it all back
> together again.   And it would be nice to keep the testsuite policy
> written in terms of macros (just using the reference policy interfaces
> instead of the old ones).
> 




More information about the redhat-lspp mailing list