selinux: fix context of secure_mode_policyload boolean #102
Conversation
| @@ -32,6 +32,8 @@ | |||
| ## </param> | |||
| # | |||
| interface(`selinux_labeled_boolean',` | |||
| refpolicywarn(`$0($*) has been deprecated.') | |||
There was a problem hiding this comment.
No, this will not be deprecated. Even though there is only one use in refpolicy, I want this interface to continue for users to use.
policy/modules/kernel/selinux.fc
Outdated
| @@ -1 +1,5 @@ | |||
| # This module currently does not have any file contexts. | |||
|
|
|||
| /sys/fs/selinux(/.*)? gen_context(system_u:obkect_r:security_t,s0) | |||
| /sys/fs/selinux/null -c gen_context(system_u:object_r:null_device_t,s0) | |||
There was a problem hiding this comment.
null_device_t does not belong in this module.
There was a problem hiding this comment.
null_device_t is a base type, so there should be no dependency problem.
i put it here for locality, because in the device module this file-context line might loose its cohesiveness (from the maintenance pov)
but i can chance this
| type secure_mode_policyload_t; | ||
| selinux_labeled_boolean(secure_mode_policyload_t, secure_mode_policyload) | ||
| type secure_mode_policyload_t, boolean_type; | ||
| genfscon selinuxfs /booleans/secure_mode_policyload gen_context(system_u:object_r:secure_mode_policyload_t,s0) |
There was a problem hiding this comment.
This change should be dropped.
|
the problem, and the reason for this pr, is that i could not get the genfscon statement inside the |
|
i'll fix the |
|
I will have to investigate further, as this has worked in the past. I need to make sure there isn't a compiler problem. |
genfscon in interfaces seems not to work
genfscon in interfaces seems not to work