From 8c2f3ac695779de3fff566041047f29211e5dec7 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Thu, 16 Jun 2005 20:30:07 +0000 Subject: [PATCH] have can_exec add a require block --- refpolicy/policy/support/misc_macros.spt | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/refpolicy/policy/support/misc_macros.spt b/refpolicy/policy/support/misc_macros.spt index 1f9d2b01d..b4f4a2aa0 100644 --- a/refpolicy/policy/support/misc_macros.spt +++ b/refpolicy/policy/support/misc_macros.spt @@ -19,4 +19,10 @@ define(`shiftn',`ifelse($1,0,`shift($*)',`shiftn(decr($1),shift(shift($*)))')') # define(`context_template',`ifdef(`enable_mls',`$1:$2',`$1')') dnl -define(`can_exec',`allow $1 $2:file { rx_file_perms execute_no_trans };') +define(`can_exec',` + gen_require(` + class file { rx_file_perms execute_no_trans }; + ') + + allow $1 $2:file { rx_file_perms execute_no_trans }; +')