From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: James Carter <jwcart2@gmail.com>
Subject: [PATCH 3/4] secilc/docs: Document the optional file type for genfscon rules
Date: Wed, 27 Oct 2021 14:12:09 -0400 [thread overview]
Message-ID: <20211027181210.1019597-4-jwcart2@gmail.com> (raw)
In-Reply-To: <20211027181210.1019597-1-jwcart2@gmail.com>
Update the CIL documentation to include the optional file type for
genfscon rules.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
secilc/docs/cil_file_labeling_statements.md | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/secilc/docs/cil_file_labeling_statements.md b/secilc/docs/cil_file_labeling_statements.md
index ed7b7bf9..73f73885 100644
--- a/secilc/docs/cil_file_labeling_statements.md
+++ b/secilc/docs/cil_file_labeling_statements.md
@@ -36,11 +36,13 @@ Define entries for labeling files. The compiler will produce these entries in a
<col width="44%" />
<col width="55%" />
</colgroup>
-<tbody>
+<thead>
<tr class="odd">
<td align="left"><p><strong>keyword</strong></p></td>
<td align="left"><p><strong>file_contexts entry</strong></p></td>
</tr>
+</thead>
+<tbody>
<tr class="even">
<td align="left"><p><code>file</code></p></td>
<td align="left"><p><code>--</code></p></td>
@@ -185,7 +187,7 @@ Used to allocate a security context to filesystems that cannot support any of th
**Statement definition:**
```secil
- (genfscon fsname path context_id)
+ (genfscon fsname path [file_type] context_id)
```
**Where:**
@@ -209,6 +211,10 @@ Used to allocate a security context to filesystems that cannot support any of th
<td align="left"><p>If <code>fsname</code> is <code>proc</code>, then the partial path (see examples). For all other types this must be ‘<code>/</code>’.</p></td>
</tr>
<tr class="even">
+<td align="left"><p><code>file_type</code></p></td>
+<td align="left"><p>Optional keyword representing a file type. Valid values are the same as in [`filecon`](cil_file_labeling_statements.md#filecon) rules.</p></td>
+</tr>
+<tr class="odd">
<td align="left"><p><code>context_id</code></p></td>
<td align="left"><p>A previously declared <code>context</code> identifier or an anonymous security context (<code>user role type levelrange</code>), the range MUST be defined whether the policy is MLS/MCS enabled or not.</p></td>
</tr>
--
2.31.1
next prev parent reply other threads:[~2021-10-27 18:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-27 18:12 [PATCH 0/4] Fix/add optional file type handling for genfscon rules James Carter
2021-10-27 18:12 ` [PATCH 1/4] libsepol: Add support for file types in writing out policy.conf James Carter
2021-10-27 18:12 ` [PATCH 2/4] libsepol/cil: Allow optional file type in genfscon rules James Carter
2021-10-27 18:12 ` James Carter [this message]
2021-10-27 18:12 ` [PATCH 4/4] libsepol: Write out genfscon file type when writing out CIL policy James Carter
2021-11-04 20:09 ` [PATCH 0/4] Fix/add optional file type handling for genfscon rules Stephen Smalley
2021-11-08 21:46 ` Nicolas Iooss
2021-11-09 20:49 ` James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211027181210.1019597-4-jwcart2@gmail.com \
--to=jwcart2@gmail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.