From: Daniel J Walsh <dwalsh@redhat.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: "Christopher J. PeBenito" <cpebenito@tresys.com>,
SELinux Mail List <selinux@tycho.nsa.gov>
Subject: Re: ANN: Reference Policy Release
Date: Fri, 16 Dec 2005 12:59:51 -0500 [thread overview]
Message-ID: <43A30097.2020701@redhat.com> (raw)
In-Reply-To: <20051215222809.GA17384@sergelap.austin.ibm.com>
Serge E. Hallyn wrote:
> Hmm, I'm trying to compile this as a modular policy. I've selected
> "nis = off" in my modules.conf. But I get
>
> policy/modules/admin/netutils.te:88:ERROR 'syntax error' at token
> 'nis_use_ypbind' on line 33005:
> #line 88
> nis_use_ypbind(netutils_t)
>
> when I try 'make load'.
>
> Is this me misunderstanding how I can use modules.conf, or is
> the module policy mostly unsupported? (I'm happy to help get it
> working, just am not sure how it's supposed to work now :) My first
> instinct of course is that the "optional_policy" macro in
> policy/support/loadable_module.spt would need to be more complicated
> to handle using modules.conf... But man that's one ugly macro.
>
Looks like this should be optional.
> thanks,
> -serge
>
> Quoting Christopher J. PeBenito (cpebenito@tresys.com):
>
>> A new release of the SELinux Reference Policy is now available on
>> SourceForge from http://serefpolicy.sourceforge.net. The primary
>> activity for this release has been preparing and testing Reference
>> Policy for inclusion in Fedora Core 5 as it's targeted policy. In
>> addition, several build issues have been fixed. The change log follows
>> at the bottom of the email.
>>
>> Again, for those that are interesting in contributing, right now the
>> best help would be to convert existing policies over to reference
>> policy; there is a list of modules on the reference policy status page
>> on SourceForge.
>>
>> * Wed Dec 07 2005 Chris PeBenito <selinux@tresys.com> - 20051207
>> - Add unlabeled IPSEC association rule to domains with
>> networking permissions.
>> - Merge systemuser back in to users, as these files
>> do not need to be split.
>> - Add check for duplicate interface/template definitions.
>> - Move domain, files, and corecommands modules to kernel
>> layer to resolve some layering inconsistencies.
>> - Move policy build options out of Makefile into build.conf.
>> - Add yppasswd to nis module.
>> - Change optional_policy() to refer to the module name
>> rather than modulename.te.
>> - Fix labeling targets to use installed file_contexts rather
>> than partial file_contexts in the policy source directory.
>> - Fix build process to use make's internal vpath functions
>> to detect modules rather than using subshells and find.
>> - Add install target for modular policy.
>> - Add load target for modular policy.
>> - Add appconfig dependency to the load target.
>> - Miscellaneous fixes from Dan Walsh.
>> - Fix corenetwork gen_context()'s to expand during the policy
>> build phase instead of during the generation phase.
>> - Added policies:
>> amanda
>> avahi
>> canna
>> cyrus
>> dbskk
>> dovecot
>> distcc
>> i18n_input
>> irqbalance
>> lpd
>> networkmanager
>> pegasus
>> postfix
>> procmail
>> radius
>> rdisc
>> rpc
>> spamassassin
>> timidity
>> xdm
>> xfs
>>
>>
>> --
>> Chris PeBenito
>> Tresys Technology, LLC
>> (410) 290-1411 x150
>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
>>
>>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
--
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-12-16 18:01 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-07 16:40 ANN: Reference Policy Release Christopher J. PeBenito
2005-12-15 22:28 ` Serge E. Hallyn
2005-12-16 17:59 ` Daniel J Walsh [this message]
2005-12-22 1:25 ` [PATCH] " Serge E. Hallyn
2005-12-18 23:20 ` Serge E. Hallyn
2006-01-03 15:48 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2019-02-01 20:22 ANN: Reference Policy release Chris PeBenito
2018-07-01 17:40 Chris PeBenito
2017-02-04 19:02 ANN: Reference Policy Release Chris PeBenito
2016-10-23 21:29 Chris PeBenito
2016-11-02 4:13 ` Russell Coker
2016-11-02 22:19 ` Chris PeBenito
2015-12-08 15:49 Christopher J. PeBenito
2014-12-03 19:31 Christopher J. PeBenito
2014-03-11 13:33 Christopher J. PeBenito
2013-04-24 20:56 Christopher J. PeBenito
2012-07-26 16:41 Christopher J. PeBenito
2012-02-15 20:19 Christopher J. PeBenito
2011-07-26 18:44 Christopher J. PeBenito
2010-12-14 16:39 Christopher J. PeBenito
2010-05-25 20:02 Christopher J. PeBenito
2009-11-17 15:28 Christopher J. PeBenito
2009-07-30 18:45 Christopher J. PeBenito
2008-12-10 20:24 Christopher J. PeBenito
2008-10-14 18:34 Christopher J. PeBenito
2008-07-02 15:37 Christopher J. PeBenito
2008-04-02 18:14 Christopher J. PeBenito
2007-12-14 18:56 Christopher J. PeBenito
2007-09-28 15:19 Christopher J. PeBenito
2007-10-02 15:29 ` Shintaro Fujiwara
2007-06-29 17:30 Christopher J. PeBenito
2007-04-17 15:07 Christopher J. PeBenito
2007-04-19 20:45 ` Manoj Srivastava
2007-04-19 20:56 ` Karl MacMillan
2007-04-19 23:10 ` Manoj Srivastava
2006-12-12 22:35 Christopher J. PeBenito
2006-10-19 12:57 Christopher J. PeBenito
2006-03-07 15:28 Christopher J. PeBenito
2006-01-17 21:31 Christopher J. PeBenito
2005-10-19 21:50 Christopher J. PeBenito
2005-09-22 20:56 Christopher J. PeBenito
2005-09-07 17:22 Christopher J. PeBenito
2005-08-26 15:57 Christopher J. PeBenito
2005-08-02 15:49 Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43A30097.2020701@redhat.com \
--to=dwalsh@redhat.com \
--cc=cpebenito@tresys.com \
--cc=selinux@tycho.nsa.gov \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).