Re: cil mlsconstrain

2018-10-23 Thread Ted Toth 
On Tue, Oct 23, 2018 at 9:05 AM Stephen Smalley  wrote:

> On 10/23/2018 09:56 AM, Ted Toth wrote:
> >
> >
> > On Tue, Oct 23, 2018 at 8:39 AM Stephen Smalley  > > wrote:
> >
> > On 10/23/2018 09:33 AM, Ted Toth wrote:
> >  > Is it possible to modify/replace an existing mlsconstrain? In
> > playing
> >  > around I created multiple instances of a mlsconstrain and
> > variations of
> >  > mlsconstrains but haven't figured out how to clean them up as I
> get
> >  > "Error: Unknown keyword delete' when trying to delete my
> experiments.
> >
> > Possibly I misunderstand, but can't you just remove or replace the
> > module that defined it previously?
> >
> >
> > We make some changes to several 'x_*' mls constraints which as far as I
> > know are not part of a module.
>
> They have to live in some module, base or otherwise.
> You can extract the CIL for the module in which you defined them via
> semodule -cE , e.g. semodule -cE base.  Then you can edit
> them in that base.cil or other file and re-insert the updated one.
>
>
That's what I'll do, thanks.


>
> >
> >
> > BTW, selinux mailing list has moved to seli...@vger.kernel.org
> > .
> >
> > Thanks for the reminder now I just need gmail to remember :(
>
>
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: cil mlsconstrain

2018-10-23 Thread Stephen Smalley 

On 10/23/2018 09:56 AM, Ted Toth wrote:



On Tue, Oct 23, 2018 at 8:39 AM Stephen Smalley > wrote:


On 10/23/2018 09:33 AM, Ted Toth wrote:
 > Is it possible to modify/replace an existing mlsconstrain? In
playing
 > around I created multiple instances of a mlsconstrain and
variations of
 > mlsconstrains but haven't figured out how to clean them up as I get
 > "Error: Unknown keyword delete' when trying to delete my experiments.

Possibly I misunderstand, but can't you just remove or replace the
module that defined it previously?


We make some changes to several 'x_*' mls constraints which as far as I 
know are not part of a module.


They have to live in some module, base or otherwise.
You can extract the CIL for the module in which you defined them via 
semodule -cE , e.g. semodule -cE base.  Then you can edit 
them in that base.cil or other file and re-insert the updated one.






BTW, selinux mailing list has moved to seli...@vger.kernel.org
.

Thanks for the reminder now I just need gmail to remember :(


___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: cil mlsconstrain

2018-10-23 Thread Ted Toth 
On Tue, Oct 23, 2018 at 8:39 AM Stephen Smalley  wrote:

> On 10/23/2018 09:33 AM, Ted Toth wrote:
> > Is it possible to modify/replace an existing mlsconstrain? In playing
> > around I created multiple instances of a mlsconstrain and variations of
> > mlsconstrains but haven't figured out how to clean them up as I get
> > "Error: Unknown keyword delete' when trying to delete my experiments.
>
> Possibly I misunderstand, but can't you just remove or replace the
> module that defined it previously?
>

We make some changes to several 'x_*' mls constraints which as far as I
know are not part of a module.


> BTW, selinux mailing list has moved to seli...@vger.kernel.org.
>
>
Thanks for the reminder now I just need gmail to remember :(
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Re: cil mlsconstrain

2018-10-23 Thread Stephen Smalley 

On 10/23/2018 09:33 AM, Ted Toth wrote:
Is it possible to modify/replace an existing mlsconstrain? In playing 
around I created multiple instances of a mlsconstrain and variations of 
mlsconstrains but haven't figured out how to clean them up as I get 
"Error: Unknown keyword delete' when trying to delete my experiments.


Possibly I misunderstand, but can't you just remove or replace the 
module that defined it previously?


BTW, selinux mailing list has moved to seli...@vger.kernel.org.

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

cil mlsconstrain

2018-10-23 Thread Ted Toth 
Is it possible to modify/replace an existing mlsconstrain? In playing
around I created multiple instances of a mlsconstrain and variations of
mlsconstrains but haven't figured out how to clean them up as I get "Error:
Unknown keyword delete' when trying to delete my experiments.

Ted
___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.