Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can use macro parameter for filecon path statment? #408

Open
xiuwadream opened this issue Aug 17, 2023 · 2 comments
Open

Can use macro parameter for filecon path statment? #408

xiuwadream opened this issue Aug 17, 2023 · 2 comments

Comments

@xiuwadream
Copy link

I'm trying to write policy using cil.
When I write a filecon in a macro and use macro parameter as file_path it generate unexpected.
For example, my macro like this and expected "/usr/bin -d system_u:object_r:mytype_t:s0"
image
and result is
image
My libselinux and secilc version is 33 (3.3). Is this behavior normal?
@jwcart2
Copy link
Contributor

jwcart2 commented Aug 17, 2023

It is working as expected. Not to say that it couldn't be improved.
We wanted to pass objects in CIL, not strings. We definitely did not want all the string mangling that occurs with arguments in the Reference policy.
A name object was specifically added to allow a filename to be passed into a function for filename type transition rules.
The name object could be generalized to a string object and filecon rules could then resolve the path string, but that work just has never been done.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jwcart2 @xiuwadream and others