[v2] optional statement is not valid in if and require statement

Message ID 20220321115054.150336-1-dominick.grift@defensec.nl (mailing list archive)
State Accepted
Delegated to: Paul Moore

Commit Message

Dominick Grift March 21, 2022, 11:50 a.m. UTC
the conditional-policy-statements chapter describes which statements
are allowed in if statements and optional is not one of them

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
---
v2: adjusts kernel_policy_language.md as well

 src/kernel_policy_language.md    | 2 +-
 src/modular_policy_statements.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Comments

James Carter March 21, 2022, 8:49 p.m. UTC | #1
On Mon, Mar 21, 2022 at 10:30 AM Dominick Grift
<dominick.grift@defensec.nl> wrote:
>
> the conditional-policy-statements chapter describes which statements
> are allowed in if statements and optional is not one of them
>
> Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
> v2: adjusts kernel_policy_language.md as well
>
>  src/kernel_policy_language.md    | 2 +-
>  src/modular_policy_statements.md | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/kernel_policy_language.md b/src/kernel_policy_language.md
> index b7b72ce..4f01609 100644
> --- a/src/kernel_policy_language.md
> +++ b/src/kernel_policy_language.md
> @@ -262,7 +262,7 @@ within an *if/else* construct, *optional {rule_list}*, or
>  | *neverallow*     |        Yes        |      Yes    |Yes [^fn_kpl_3]|          No            |         Yes        |        No         |
>  | *neverallowxperm*|        Yes        |      Yes    |      Yes      |          No            |         No         |        No         |
>  | *nodecon*        |        Yes        |      Yes    |      No       |          No            |         No         |        No         |
> -| *optional*       |        No         |      Yes    |      Yes      |          Yes           |         Yes        |        Yes        |
> +| *optional*       |        No         |      Yes    |      Yes      |          No            |         Yes        |        No         |
>  | *permissive*     |        Yes        |      Yes    |      Yes      |          Yes           |         Yes        |        No         |
>  | *policycap*      |        Yes        |      Yes    |      No       |          No            |         No         |        No         |
>  | *portcon*        |        Yes        |      Yes    |      No       |          No            |         No         |        No         |
> diff --git a/src/modular_policy_statements.md b/src/modular_policy_statements.md
> index e62e6ac..508d531 100644
> --- a/src/modular_policy_statements.md
> +++ b/src/modular_policy_statements.md
> @@ -190,7 +190,7 @@ Conditional Policy Statements
>
>  | *if* Statement          | *optional* Statement    | *require* Statement     |
>  | ----------------------- | ----------------------- | ----------------------- |
> -| Yes                     | Yes                     | Yes                     |
> +| No                      | Yes                     | No                      |
>
>  **Examples:**
>
> --
> 2.35.1
>

Paul Moore April 4, 2022, 9:31 p.m. UTC | #2
On Mon, Mar 21, 2022 at 7:52 AM Dominick Grift
<dominick.grift@defensec.nl> wrote:
>
> the conditional-policy-statements chapter describes which statements
> are allowed in if statements and optional is not one of them
>
> Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
> ---
> v2: adjusts kernel_policy_language.md as well
>
>  src/kernel_policy_language.md    | 2 +-
>  src/modular_policy_statements.md | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Merged, thanks!

Patch

diff --git a/src/kernel_policy_language.md b/src/kernel_policy_language.md
index b7b72ce..4f01609 100644
--- a/src/kernel_policy_language.md
+++ b/src/kernel_policy_language.md
@@ -262,7 +262,7 @@  within an *if/else* construct, *optional {rule_list}*, or
 | *neverallow*     |        Yes        |      Yes    |Yes [^fn_kpl_3]|          No            |         Yes        |        No         |
 | *neverallowxperm*|        Yes        |      Yes    |      Yes      |          No            |         No         |        No         |
 | *nodecon*        |        Yes        |      Yes    |      No       |          No            |         No         |        No         |
-| *optional*       |        No         |      Yes    |      Yes      |          Yes           |         Yes        |        Yes        |
+| *optional*       |        No         |      Yes    |      Yes      |          No            |         Yes        |        No         |
 | *permissive*     |        Yes        |      Yes    |      Yes      |          Yes           |         Yes        |        No         |
 | *policycap*      |        Yes        |      Yes    |      No       |          No            |         No         |        No         |
 | *portcon*        |        Yes        |      Yes    |      No       |          No            |         No         |        No         |
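
Review bot: the last cell of the new `*optional*` row flips from Yes to No along with the fourth value cell, but the commit message body only cites the conditional-policy-statements chapter, which covers the *if* case. Suggest adding a sentence to the commit message giving the basis for the *require* change, since the subject line names both. The table header is outside this hunk's context, so the column mapping can only be inferred by matching these cells against the three-column table in src/modular_policy_statements.md, where the same Yes/Yes/Yes to No/Yes/No change is made; a wider context or a note naming the columns would make that checkable from the patch alone.
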
diff --git a/src/modular_policy_statements.md b/src/modular_policy_statements.md
index e62e6ac..508d531 100644
--- a/src/modular_policy_statements.md
+++ b/src/modular_policy_statements.md
@@ -190,7 +190,7 @@  Conditional Policy Statements
 
 | *if* Statement          | *optional* Statement    | *require* Statement     |
 | ----------------------- | ----------------------- | ----------------------- |
-| Yes                     | Yes                     | Yes                     |
+| No                      | Yes                     | No                      |
 
 **Examples:**
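
Review bot: the changed row now states that *optional* is not valid inside *if* or *require*, while the `**Examples:**` block that follows it is outside the hunk and left untouched. Worth confirming that none of those examples nests an *optional* block inside an *if* or *require* statement, otherwise the section would contradict its own table; if one does, it should be corrected in this same patch.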