Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
Jayson Hurst
swazup at hotmail.com
Thu Mar 6 17:28:07 UTC 2014
I had tried the following, but it still complains about the missing kerberos_read_home_content call.
optional_policy(`
kerberos_rw_config(vasd_t)
kerberos_use(vasd_t)
optional_policy(`
kerberos_read_home_content(vasd_t)
')
')
> Date: Thu, 6 Mar 2014 08:57:27 +0100
> From: mgrepl at redhat.com
> To: selinux at lists.fedoraproject.org
> CC: swazup at hotmail.com
> Subject: Re: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
>
> On 03/05/2014 10:35 PM, Jayson Hurst wrote:
> > I want to use the kerberos_read_home_content interface method, but it
> > seems to be a newer method that doesn't exist on RHEL 6.0, but it does
> > on RHEL 6.5. Is there a way to build a single policy that will take
> > advantage of this call if its there, but not fail to compile/install
> > if it is not?
> Yes,
> you want to use "optional_policy" block .
>
> http://mgrepl.wordpress.com/2012/03/23/when-should-you-use-the-optional_policy-block-statement/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20140306/a54e25a2/attachment.html>
More information about the selinux
mailing list