You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Check W-002 should alert you to the mention of a type that isn't required in this module. It checks to make sure that the thing it's alerting about is actually a really declared policy object first:
In source mode, this works fine. But if you're just checking a single module to build against the installed policy using development headers and mention a type without including it, selint misses this, because it doesn't recognize the existing type.
$ ~/selint/src/selint -e W-002 *
Note: Skipping gateway.sh which is not a policy file
Note: Skipping gateway_selinux.spec which is not a policy file
Note: Check E-007 is not performed because no permission macro has been parsed.
gateway.te: 3: (S): Require block used in te file (use an interface call instead) (S-001)
gateway.te: 42: (C): Permissions in av rule not ordered (read before getattr) (C-005)
gateway.te: 44: (C): Permissions in av rule not ordered (transition before siginh) (C-005)
gateway.if: 149: (W): Expression for conditional block uses unknown identifier deny_ptrace (W-012)
The text was updated successfully, but these errors were encountered:
Check W-002 should alert you to the mention of a type that isn't required in this module. It checks to make sure that the thing it's alerting about is actually a really declared policy object first:
selint/src/te_checks.c
Lines 535 to 538 in 17347c4
In source mode, this works fine. But if you're just checking a single module to build against the installed policy using development headers and mention a type without including it, selint misses this, because it doesn't recognize the existing type.
Seen when running selint against this policy: https://github.com/pss-john/se-missing-type
The text was updated successfully, but these errors were encountered: