mirror of
https://github.com/topjohnwu/selinux.git
synced 2025-03-06 18:27:06 +00:00
b6e519e542
When we copy a blockinherit statement, we perform actions that assume the blockinherit statement was already resolved. However, this isn't the case if the statement was copied from a tunableif or an in-statement, since those are resolve before blockinherits and blocks. So when copying a blockinherit that hasn't been resolved, ignore the code that associates blocks with the blockinherit; that will all be handled when the copied blockinherit is actually resolved later. Additionally, restrict block, blockabstract, and blockinherit statements from appearing in macros. These statements are all resolved before macros due to ordering issues, so they must not appear inside macros. Note that in addition to doing the checks in build_ast, they are also done in resolve_ast. This is because an in-statement could copy a block statement into a macro, which we would not know about until after the in-statement was resolved. Signed-off-by: Steve Lawrence <slawrence@tresys.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Please submit all bug reports and patches to selinux@tycho.nsa.gov. Subscribe via selinux-join@tycho.nsa.gov. Build dependencies on Fedora: yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel To build and install everything under a private directory, run: make DESTDIR=~/obj install install-pywrap To install as the default system libraries and binaries (overwriting any previously installed ones - dangerous!), on x86_64, run: make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel or on x86 (32-bit), run: make install install-pywrap relabel This may render your system unusable if the upstream SELinux userspace lacks library functions or other dependencies relied upon by your distribution. If it breaks, you get to keep both pieces.