[refpolicy] Calling typeattribute within a tunable_policy() is not allowed?
Christopher J. PeBenito
cpebenito at tresys.com
Fri Aug 19 07:04:46 CDT 2011
On 08/18/11 21:44, HarryCiao wrote:
>
>> > > I guess that attributes are not something that can be switched on/off
>> > > through a tunable.
>> >
>> > Just a side note, so far the tunable is implemented as boolean, and the
>> > tunable_policy macro is expanded as if-else conditionals by m4, aiming
>> > to define some block of rules that could be switched on/off at runtime.
>> > However, the tunable and tunable_policy should take effect at module
>> > link/expand time - if the tunable if off, then related block of rules
>> > would not be linked and expanded at all.
>>
>> Yes, that is the reason I created tunables. The toolchain just hasn't
>> implemented that support yet. CIL will have this support, but thats not
>> done yet.
>
> I just started to add such support for separating tunable from boolean
> in the toolchain, hope it would be useful for CIL as well.
I think its already been implemented in CIL. You should talk to Steve
Lawrence about it.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
More information about the refpolicy
mailing list