On Wed, Jun 14, 2017 at 01:39:07PM -0400, James Carter wrote: > The typebounds rules should end with a ";". > > The netifcon and nodecon rules should not end with a ";". > > The default rules are missing a "_". They should be "default_usr", > "default_role" and "default_type".
I might be misunderstanding but according to https://selinuxproject.org/page/DefaultRules#default_user it should be "default_user" > > Signed-off-by: James Carter <jwca...@tycho.nsa.gov> > --- > libsepol/cil/src/cil_policy.c | 12 ++++++------ > 1 file changed, 6 insertions(+), 6 deletions(-) > > diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c > index 2196ae8..f7fe24e 100644 > --- a/libsepol/cil/src/cil_policy.c > +++ b/libsepol/cil/src/cil_policy.c > @@ -1069,7 +1069,7 @@ static void cil_typebounds_to_policy(FILE *out, struct > cil_list *types) > child = i1->data; > if (child->bounds != NULL) { > parent = child->bounds; > - fprintf(out, "typebounds %s %s\n", parent->datum.fqn, > child->datum.fqn); > + fprintf(out, "typebounds %s %s;\n", parent->datum.fqn, > child->datum.fqn); > } > } > } > @@ -1779,7 +1779,7 @@ static void cil_netifcons_to_policy(FILE *out, struct > cil_sort *netifcons, int m > cil_context_to_policy(out, netifcon->if_context, mls); > fprintf(out, " "); > cil_context_to_policy(out, netifcon->packet_context, mls); > - fprintf(out, ";\n"); > + fprintf(out, "\n"); > } > } > > @@ -1836,7 +1836,7 @@ static void cil_nodecons_to_policy(FILE *out, struct > cil_sort *nodecons, int mls > } > > cil_context_to_policy(out, nodecon->context, mls); > - fprintf(out, ";\n"); > + fprintf(out, "\n"); > } > } > > @@ -1928,9 +1928,9 @@ void cil_gen_policy(FILE *out, struct cil_db *db) > cil_commons_to_policy(out, lists[CIL_LIST_COMMON]); > cil_classes_to_policy(out, db->classorder); > > - cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_USER], > CIL_KEY_DEFAULTUSER); > - cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_ROLE], > CIL_KEY_DEFAULTROLE); > - cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_TYPE], > CIL_KEY_DEFAULTTYPE); > + cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_USER], > "default_usr"); > + cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_ROLE], > "default_role"); > + cil_defaults_to_policy(out, lists[CIL_LIST_DEFAULT_TYPE], > "default_type"); > > if (db->mls == CIL_TRUE) { > cil_default_ranges_to_policy(out, > lists[CIL_LIST_DEFAULT_RANGE]); > -- > 2.9.4 > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
signature.asc
Description: PGP signature
