diff --git a/refpolicy/Changelog b/refpolicy/Changelog index f91ce4a..f26ac5a 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ + * Change sedoctool to make required modules part of base + by default, otherwise make as modules, in modules.conf. * Fix segenxml to handle modules with no interfaces. * Rename ipsec connect interface for consistency. * Add missing parts of unix stream socket connect interface diff --git a/refpolicy/support/sedoctool.py b/refpolicy/support/sedoctool.py index 407ab6d..4094e0b 100755 --- a/refpolicy/support/sedoctool.py +++ b/refpolicy/support/sedoctool.py @@ -123,12 +123,23 @@ def gen_module_conf(doc, file_name, namevalue_list): for line in s: file_name.write("# %s\n" % line) + # If the module is set as disabled. if [mod_name, MOD_DISABLED] in namevalue_list: file_name.write("%s = %s\n\n" % (mod_name, MOD_DISABLED)) + # If the module is set as enabled. elif [mod_name, MOD_ENABLED] in namevalue_list: file_name.write("%s = %s\n\n" % (mod_name, MOD_ENABLED)) - else: + # If the module is set as base. + elif [mod_name, MOD_BASE] in namevalue_list: file_name.write("%s = %s\n\n" % (mod_name, MOD_BASE)) + # If the module is a new module. + else: + # Set the module to base if it is marked as required. + if mod_req: + file_name.write("%s = %s\n\n" % (mod_name, MOD_BASE)) + # Set the module to enabled if it is not required. + else: + file_name.write("%s = %s\n\n" % (mod_name, MOD_ENABLED)) def get_conf(conf): """