Joshua Brindle wrote:
> From: Paul Howarth [mailto:email@example.com]
>> Back to the point, my email a few times back suggested putting a line
>> with just ; where the rules would be in order to get a module without
>> rules, have you tried that?
> Is this with or without the requires clause?
> With the requires clause, the semicolon doesn't seem to make
> any difference.
Ok, now I'm not sure what is going on. I built a policy with no rules
and it linked in fine. (No ; was required either.) The policy_module
statement always brings in a ton of requires (object classes mainly) so
you'll always have requires whether you add them explicitly or not.
What problem are you running into with this?
It's as described in the thread around here:
The gist of it is that I had a policy module package built on one
machine and couldn't load it on another machine with an older version of
libsepol.class_copy_callback: contagged: Modules may not yet declare new
libsemanage.semanage_link_sandbox: Link packages failed
The responses I got suggested that the absence of a policy module from
the policy module package (just file contexts, no rules) was at least
partly responsible for the issue.
The workaround I'm using at the moment is for my RPM packages to have an
RPM "conflict" with selinux-policy versions older than the one my
package is built against.