-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi,
In Fedora 23 the policy_module declaration is ignored and the policy module name is taken from the module filename. This can cause confusion for the users in some cases (same policy module declared in different files).
# cat test_noaccess.te policy_module(policy_tools_test, 1.0) [snip]
# make -f /usr/share/selinux/devel/Makefile Compiling mls test_noaccess module /usr/bin/checkmodule: loading policy configuration from tmp/test_noaccess.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 17) to tmp/test_noaccess.mod Creating mls test_noaccess.pp policy package rm tmp/test_noaccess.mod.fc tmp/test_noaccess.mod
# semodule -i test_noaccess.pp | grep noaccess test_noaccess
If the policy_module is now being ignored, could the policy module "compilation" print a warning about that? Or, maybe better, to generate the module name according to the policy_module specification so we do not regress in the behavior?
Thanks and best regards, /M
- -- Miroslav Vadkerti :: Senior QE / RHCSS :: BaseOS QE - Security IRC mvadkert at #qe #urt #brno #rpmdiff :: GnuPG ID 0x25881087 at pgp.mit.edu Phone +420 532 294 129 :: Mobile +420 773 944 252 Red Hat s.r.o, Purkyňova 99/71, 612 45, Brno, Czech Republic