You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Introduce warnings in the policy compiler toolchain for inconsistent combinations of policy capabilities and policy rules, e.g. using classes/permissions in rules without enabling the corresponding policy capability and vice versa.
Investigate lighter weight policy capability support, so that we can introduce new policy capabilities without needing to patch libsepol each time just to enable/use the new capability, e.g. allow passing capabilities to the kernel via uninterpreted string name rather than bitmap.
The text was updated successfully, but these errors were encountered:
stephensmalley
changed the title
Improve policy capability support in poilcy toolchain
Improve policy capability support in policy toolchain
May 17, 2017
Introduce warnings in the policy compiler toolchain for inconsistent combinations of policy capabilities and policy rules, e.g. using classes/permissions in rules without enabling the corresponding policy capability and vice versa.
Investigate lighter weight policy capability support, so that we can introduce new policy capabilities without needing to patch libsepol each time just to enable/use the new capability, e.g. allow passing capabilities to the kernel via uninterpreted string name rather than bitmap.
The text was updated successfully, but these errors were encountered: