3:35 p.m.
New subject: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
I want to use the kerberos_read_home_content interface method, but it seems to be a newer
method that doesn't exist on RHEL 6.0, but it does on RHEL 6.5. Is there a way to
build a single policy that will take advantage of this call if its there, but not fail to
compile/install if it is not?
1:57 a.m.
New subject: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
On 03/05/2014 10:35 PM, Jayson Hurst wrote:
I want to use the kerberos_read_home_content interface method, but it
seems to be a newer method that doesn't exist on RHEL 6.0, but it does
on RHEL 6.5. Is there a way to build a single policy that will take
advantage of this call if its there, but not fail to compile/install
if it is not?
Yes,
you want to use "optional_policy" block .
http://mgrepl.wordpress.com/2012/03/23/when-should-you-use-the-optional_p...
11:28 a.m.
New subject: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
I had tried the following, but it still complains about the missing
kerberos_read_home_content call.
optional_policy(`
kerberos_rw_config(vasd_t)
kerberos_use(vasd_t)
optional_policy(`
kerberos_read_home_content(vasd_t)
')
')
Date: Thu, 6 Mar 2014 08:57:27 +0100
From: mgrepl(a)redhat.com
To: selinux(a)lists.fedoraproject.org
CC: swazup(a)hotmail.com
Subject: Re: Is there a way to use newer SELinux interface calls, but still compile on
machines that don't have them.
On 03/05/2014 10:35 PM, Jayson Hurst wrote:
> I want to use the kerberos_read_home_content interface method, but it
> seems to be a newer method that doesn't exist on RHEL 6.0, but it does
> on RHEL 6.5. Is there a way to build a single policy that will take
> advantage of this call if its there, but not fail to compile/install
> if it is not?
Yes,
you want to use "optional_policy" block .
http://mgrepl.wordpress.com/2012/03/23/when-should-you-use-the-optional_p...
12:21 p.m.
New subject: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Right option_policy only covers missing types not missing interfaces. You
need to back port the interface. It is only source code.
On 03/06/2014 12:28 PM, Jayson Hurst wrote:
I had tried the following, but it still complains about the missing
kerberos_read_home_content call.
optional_policy(` kerberos_rw_config(vasd_t) kerberos_use(vasd_t)
optional_policy(` kerberos_read_home_content(vasd_t) ') ')
> Date: Thu, 6 Mar 2014 08:57:27 +0100 From: mgrepl(a)redhat.com To:
> selinux(a)lists.fedoraproject.org CC: swazup(a)hotmail.com Subject: Re: Is
> there a way to use newer SELinux interface calls, but still
compile on machines that don't have them.
>
> On 03/05/2014 10:35 PM, Jayson Hurst wrote:
>> I want to use the kerberos_read_home_content interface method, but it
>> seems to be a newer method that doesn't exist on RHEL 6.0, but it does
>> on RHEL 6.5. Is there a way to build a single policy that will take
>> advantage of this call if its there, but not fail to compile/install if
>> it is not?
> Yes, you want to use "optional_policy" block .
>
>
http://mgrepl.wordpress.com/2012/03/23/when-should-you-use-the-optional_p...
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlMYvJAACgkQrlYvE4MpobO49QCfQHAruPmP0FIHi/hZpXt6upl+
Ku4AniSEX1uZkXsDW3RmfawMW/AV6aVE
=TriK
-----END PGP SIGNATURE-----
2:18 p.m.
New subject: Is there a way to use newer SELinux interface calls, but still compile on machines that don't have them.
Thanks Dan, I didn't realize that optional_policy was for types only.
Date: Thu, 6 Mar 2014 13:21:04 -0500
From: dwalsh(a)redhat.com
To: swazup(a)hotmail.com; mgrepl(a)redhat.com; selinux(a)lists.fedoraproject.org
Subject: Re: Is there a way to use newer SELinux interface calls, but still compile on
machines that don't have them.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Right option_policy only covers missing types not missing interfaces. You
need to back port the interface. It is only source code.
On 03/06/2014 12:28 PM, Jayson Hurst wrote:
> I had tried the following, but it still complains about the missing
> kerberos_read_home_content call.
>
> optional_policy(` kerberos_rw_config(vasd_t) kerberos_use(vasd_t)
> optional_policy(` kerberos_read_home_content(vasd_t) ') ')
>
>> Date: Thu, 6 Mar 2014 08:57:27 +0100 From: mgrepl(a)redhat.com To:
>> selinux(a)lists.fedoraproject.org CC: swazup(a)hotmail.com Subject: Re: Is
>> there a way to use newer SELinux interface calls, but still
> compile on machines that don't have them.
>>
>> On 03/05/2014 10:35 PM, Jayson Hurst wrote:
>>> I want to use the kerberos_read_home_content interface method, but it
>>> seems to be a newer method that doesn't exist on RHEL 6.0, but it does
>>> on RHEL 6.5. Is there a way to build a single policy that will take
>>> advantage of this call if its there, but not fail to compile/install if
>>> it is not?
>> Yes, you want to use "optional_policy" block .
>>
>>
>
http://mgrepl.wordpress.com/2012/03/23/when-should-you-use-the-optional_p...
>
>
>
> -- selinux mailing list selinux(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlMYvJAACgkQrlYvE4MpobO49QCfQHAruPmP0FIHi/hZpXt6upl+
Ku4AniSEX1uZkXsDW3RmfawMW/AV6aVE
=TriK
-----END PGP SIGNATURE-----
3703
days inactive
3709
days old
selinux@lists.fedoraproject.org
5 comments
4 participants
participants (4)
-
Daniel J Walsh -
Jayson Hurst -
Miroslav Grepl -
zhengyao zhao