To list:
I have making many modification to my policy configurations files. In the process I tried to make a common set of modifications for the domains/admin/sysadm.te and domains/user/user.te
In the parts that begin with
define(`user_domain',`
....
allow $1_t $1_home_t:dir create_dir_perms;
....
')
of course the sysadm domain is different for the domain.
What I would like to do is
file: domains/user/user.te
define(`user_domain',`
....
sinclude(includes/user-common.inc)
....
')
file: domains/admin/sysadm.te
define(`admin_domain',`
....
sinclude(includes/user-common.inc)
....
')
file: include/user-common.inc
allow $1_t $1_home_t:dir create_dir_perms;
because the line
allow $1_t $1_home_t:dir create_dir_perms;
is the same in both files.
When I tried this I got an error on the allow $1_t $1_home_t:dir create_dir_perms; line
I guess the real question is the sinclude() processed before or after the macro substitution
Thanks,
Mark Westerman
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Stephen Smalley <sds_at_tislabs.com>
On Tue, 28 Aug 2001, Westerman, Mark wrote:
> file: domains/user/user.te
>
> define(`user_domain',`
> ....
> sinclude(includes/user-common.inc)
> ....
> ')
The problem is that the sinclude is within the quotes, so it is not being expanded until the substitution occurs. You need to unquote the sinclude so that it is expanded as part of the macro definition, e.g.:
define(`user_domain',`
....
'
sinclude(includes/user-common.inc)
`
....
')
-- Stephen D. Smalley, NAI Labs ssmalley@nai.com -- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT