[redhat-lspp] LSPP Development Telecon 11/28/2005 Minutes
Stephen Smalley
sds at tycho.nsa.gov
Wed Dec 7 15:58:02 UTC 2005
On Thu, 2005-12-01 at 11:35 -0600, Joy Latten wrote:
> Ok, I will work on this as time permits. When completed I will send out
> a notice.
Just FYI, I briefly tried the new audit2allow -t -r (or -m) support, and
it didn't work well on the testsuite policy. It is only designed to
support conversion of local.te files previously generated using
audit2allow, so it is limited to taking simple allow rules and
generating the necessary module syntax. The testsuite policy involves
more than just simple allow rules (it includes type declarations, type
transitions, role statements, etc), and it is written using macros
defined in the base policy, so simply applying audit2allow -t -r to the
testsuite .te files doesn't work. You might be able to pre-process the
testsuite .te files (via m4 with the necessary macro files), extract
just the allow rules, and feed that into audit2allow -t -r to generate
the requires statements, but you'd still need to put it all back
together again. And it would be nice to keep the testsuite policy
written in terms of macros (just using the reference policy interfaces
instead of the old ones).
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list