From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id j5FNWAgA026891 for ; Wed, 15 Jun 2005 19:32:10 -0400 (EDT) Received: from mail.nagafix.co.uk (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id j5FNNc9j028096 for ; Wed, 15 Jun 2005 23:23:38 GMT Subject: Re: ANN: SELinux Reference Policy Release From: antoine To: Colin Walters Cc: "Christopher J. PeBenito" , SELinux Mail List In-Reply-To: <1118874951.24338.35.camel@nexus.verbum.private> References: <1118871745.18294.28.camel@sgc.columbia.tresys.com> <1118874951.24338.35.camel@nexus.verbum.private> Content-Type: text/plain Date: Thu, 16 Jun 2005 00:25:49 +0100 Message-Id: <1118877949.10103.19.camel@localhost> Mime-Version: 1.0 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov (...) Good work! > # Define derived domains for GPG from @userdomain > # @param user The user domain to derive from > # @param userrole The user role to authorize for GPG > function gpg_per_userdomain(domain user, role userrole) { > derivedtype gpg_t from user > > domain_type(gpg_t) > domain_entry_file(gpg_t, gpg_exec_t) > role userrole types gpg_t > > ... > > The key idea here is that an IDE could actually parse this, Not just IDEs, my brain finds it easier to parse too. XML if overused nowadays. > and easily > determine programatically what types and roles are generated by the > function, without doing hacks like expanding the M4 and parsing that, > and then guessing. Absolutely. Antoine -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.