selinux: fix context of secure_mode_policyload boolean#102
selinux: fix context of secure_mode_policyload boolean#102cgzones wants to merge 1 commit intoOwlCyberDefense:masterfrom cgzones:fix_selinux_bool_context
Conversation
| ## </param> | ||
| # | ||
| interface(`selinux_labeled_boolean',` | ||
| refpolicywarn(`$0($*) has been deprecated.') |
There was a problem hiding this comment.
No, this will not be deprecated. Even though there is only one use in refpolicy, I want this interface to continue for users to use.
| # This module currently does not have any file contexts. | ||
|
|
||
| /sys/fs/selinux(/.*)? gen_context(system_u:obkect_r:security_t,s0) | ||
| /sys/fs/selinux/null -c gen_context(system_u:object_r:null_device_t,s0) |
There was a problem hiding this comment.
null_device_t does not belong in this module.
There was a problem hiding this comment.
null_device_t is a base type, so there should be no dependency problem.
i put it here for locality, because in the device module this file-context line might loose its cohesiveness (from the maintenance pov)
but i can chance this
| type secure_mode_policyload_t; | ||
| selinux_labeled_boolean(secure_mode_policyload_t, secure_mode_policyload) | ||
| type secure_mode_policyload_t, boolean_type; | ||
| genfscon selinuxfs /booleans/secure_mode_policyload gen_context(system_u:object_r:secure_mode_policyload_t,s0) |
There was a problem hiding this comment.
This change should be dropped.
|
the problem, and the reason for this pr, is that i could not get the genfscon statement inside the |
|
i'll fix the |
|
I will have to investigate further, as this has worked in the past. I need to make sure there isn't a compiler problem. |
genfscon in interfaces seems not to work
2 participants
genfscon in interfaces seems not to work