On Tue, 2006-10-31 at 16:48 -0500, Karl MacMillan wrote:
On Tue, 2006-10-31 at 12:49 -0500, Stephen Smalley wrote:
On Sun, 2006-10-29 at 21:06 +0100, Dawid Gajownik wrote:
Dnia 10/29/2006 06:33 PM, Użytkownik Joshua Brindle napisał:
Right, that's a hard fix I think, dashes aren't allowed in identifiers and they are treated specially for use in MLS ranges..
Oh, that's really bad :( Without that line files on ntfs-3g filesystem have unlabeled_t type and I would need to give to many privileges to mount_t domain.
So there is no hope to fix it in the clean way?
File it as a bug against checkpolicy.
I looked at fixing this by changing genfscon to use user_identifier instead of identifier (they are the same except user_identifier includes "-"). This made checkpolicy generate a syntax error for all genfscon statements - haven't tracked down what the problem is. The grammer still seems to be unambiguous.
Use "user_id" instead. Otherwise, you'll get a syntax error when the token is classified as an IDENTIFIER (first match) and the grammar says that it must be a USER_IDENTIFIER.
I'll try to get back to it soon, but thought I would post this in case someone knows what the issue is off the top of their head.
Karl