[Resending because I originally only sent these to the new list]
ocontexts (initial sids, fs_use_*, genfscon, portcon, etc) are sorted by
libsemanage when using policy modules and by libsepol when using CIL, but they
are not sorted by checkpolicy when creating a policy from a policy.conf.
Checkpolicy's behavior allows control over the ordering which determines the
matching order for portcons and other ocontext rules, but there are times when
that specific control is not desired.
This patch set exposes an internal ocontext sorting function and adds a command
line option to checkpolicy to sort ocontexts.
James Carter (2):
libsepol: Create policydb_sort_ocontexts()
checkpolicy: Add option to sort ocontexts when creating a binary
policy
checkpolicy/checkpolicy.c | 22 +++++++++++++++++-----
libsepol/include/sepol/policydb/policydb.h | 2 ++
libsepol/src/policydb.c | 5 +++++
3 files changed, 24 insertions(+), 5 deletions(-)
--
2.17.1
_______________________________________________
Selinux mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to [email protected].
