From: Karl MacMillan [mailto:kmacmillan@mentalrootkit.com]
On Wed, 2006-11-01 at 10:27 -0500, Joshua Brindle wrote:
> > From: Karl MacMillan [mailto:kmacmillan@mentalrootkit.com]
> >
> > > > I looked at fixing this by changing genfscon to use
> > user_identifier
> > > > instead of identifier (they are the same except
user_identifier
> > > > includes "-"). This made checkpolicy generate a syntax
> > error for all
> > > > genfscon statements - haven't tracked down what the
> > problem is. The
> > > > grammer still seems to be unambiguous.
> > >
> > > Use "user_id" instead. Otherwise, you'll get a syntax
> > error when the
> > > token is classified as an IDENTIFIER (first match) and
the grammar
> > > says that it must be a USER_IDENTIFIER.
> >
> > Right as usual.
> >
>
> Maybe make user_id more generic as it is no longer only
used for users..
Just making generic would make the user related parts of the
grammar harder to read. What about this:
Fine.
Index: trunk/checkpolicy/policy_parse.y
===================================================================
--- trunk/checkpolicy/policy_parse.y (revision 2076)
+++ trunk/checkpolicy/policy_parse.y (working copy)
@@ -605,6 +605,8 @@
;
user_id : identifier
| user_identifier
+ ;
+dash_id : user_id
;
user_def : USER user_id ROLES names opt_mls_user ';'
{if (define_user()) return -1;} @@
-679,11 +681,11 @@
genfs_contexts : genfs_context_def
| genfs_contexts genfs_context_def
;
-genfs_context_def : GENFSCON identifier path '-'
identifier security_context_def
+genfs_context_def : GENFSCON dash_id path '-' identifier
security_context_def
{if (define_genfs_context(1)) return -1;}
- | GENFSCON identifier path '-' '-'
{insert_id("-", 0);} security_context_def
+ | GENFSCON dash_id path '-' '-'
{insert_id("-", 0);}
+security_context_def
{if (define_genfs_context(1)) return -1;}
- | GENFSCON identifier path
security_context_def
+ | GENFSCON dash_id path security_context_def
{if (define_genfs_context(0)) return -1;}
;
ipv4_addr_def : number '.' number '.' number
'.' number
Signed-off by: Karl MacMillan <kmacmillan(a)mentalrootkit.com>
Acked-By: Joshua Brindle <jbrindle(a)tresys.com>