[checkpolicy] default_rules should be optional
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Dec 21 13:35:21 UTC 2011
commit 228c1db0c3e60a161c26d3e2a43a241456e70d14
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Dec 21 13:35:19 2011 +0000
default_rules should be optional
checkpolicy-rhat.patch | 9 ++++++---
checkpolicy.spec | 5 ++++-
2 files changed, 10 insertions(+), 4 deletions(-)
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index 0943a49..c752f32 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -292,7 +292,7 @@ index 92a9be7..ccbe56f 100644
int define_compute_type(int which);
int define_conditional(cond_expr_t *expr, avrule_t *t_list, avrule_t *f_list );
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
-index d808111..3b7357f 100644
+index d808111..d92cc32 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -143,6 +143,8 @@ typedef int (* require_func_t)();
@@ -309,14 +309,17 @@ index d808111..3b7357f 100644
{ if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; }
else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }}
- opt_mls te_rbac users opt_constraints
-+ default_rules opt_mls te_rbac users opt_constraints
++ opt_default_rules opt_mls te_rbac users opt_constraints
{ if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;}
else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}}
initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts
-@@ -195,6 +197,36 @@ av_perms_def : CLASS identifier '{' identifier_list '}'
+@@ -195,6 +197,39 @@ av_perms_def : CLASS identifier '{' identifier_list '}'
| CLASS identifier INHERITS identifier '{' identifier_list '}'
{if (define_av_perms(TRUE)) return -1;}
;
++opt_default_rules : default_rules
++ |
++ ;
+default_rules : default_user_def
+ | default_role_def
+ | default_range_def
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 5850ce3..72460e4 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -3,7 +3,7 @@
Summary: SELinux policy compiler
Name: checkpolicy
Version: 2.1.7
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
Group: Development/System
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -56,6 +56,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/sedispol
%changelog
+* Wed Dec 21 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.7-3
+- default_rules should be optional
+
* Thu Dec 15 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.7-2
- Rebuild with latest libsepol
More information about the scm-commits
mailing list