From: James Carter <jwcart2@tycho.nsa.gov>
To: Joshua Brindle <jbrindle@tresys.com>
Cc: Caleb Case <ccase@tresys.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
selinux@tycho.nsa.gov, Chad Sellers <csellers@tresys.com>,
Karl MacMillan <kmacmillan@tresys.com>
Subject: RE: [PATCH 13/13] semanage store migration script
Date: Mon, 11 Jan 2010 15:45:01 -0500
Message-ID: <1263242701.2075.18.camel@localhost>
In-Reply-To: <06A6610D4F464D4EBEAFBF2C5F86911E018D799C@exchange2.columbia.tresys.com>
On Mon, 2010-01-11 at 14:57 -0500, Joshua Brindle wrote:
> On 2010-01-11 James Carter wrote:
> > On Fri, 2010-01-08 at 16:27 -0500, Caleb Case wrote:
> <snip>
> >>>
> >>>
> >>> 3) I can't remove the permissive domain created before the migration
> >>> because the default priority level is 400, but the script put
> >>> everything at priority 100 and I don't know how to change the priority
> >>> for semanage.
> >>
> >> semanage hasn't been updated yet to let you specify priorities.
> >>
> > I noticed. ;)
> > So why does the migration script put everything into priority 100
> > instead of the default priority?
> >
>
>
> priority 100 is for policies distributed by the distro, 400 is default for user actions (e.g., running semodule without adding a priority)
>
> I guess we could add some smarts to the migration script to put things like permissive modules and "local.pp" kinds of modules at 400.
>
> or add a list of modules distributed by Red Hat *shrug*
>
> I'm not sure any of these are good ideas, but they might soften the migration blow.
>
Oh wait. I was thinking that 100 was a higher priority. I couldn't
understand why everything was migrated into a higher priority than the
default. Now it makes sense.
It still might make sense to put local.pp and permissive modules into
the default priority. It could be very confusing to have these exist in
multiple priorities.
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
--
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
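
Added example (not part of the original message, and not the migration script under review): a small Python model of the priority choice discussed in this thread, showing why a permissive module migrated to 100 cannot be removed by a tool acting at 400 and how it ends up at two priorities if re-added. The values 100 and 400 come from the thread; the `permissive_` prefix, the `local` name, the sample module list and all function names are assumptions made for illustration.

```python
DISTRO_PRIORITY = 100   # per the thread: policy distributed by the distro
DEFAULT_PRIORITY = 400  # per the thread: default for user actions

# Assumptions (hypothetical heuristics, not from the patch): how a migration
# might recognise locally created modules by name.
LOCAL_PREFIXES = ("permissive_",)
LOCAL_NAMES = {"local"}


def migration_priority(name, local_aware=True):
    """Pick the priority a migrated module should be stored at."""
    is_local = name in LOCAL_NAMES or name.startswith(LOCAL_PREFIXES)
    return DEFAULT_PRIORITY if (local_aware and is_local) else DISTRO_PRIORITY


def migrate(names, local_aware=True):
    """Return a model of the store: {priority: set of module names}."""
    store = {}
    for name in names:
        store.setdefault(migration_priority(name, local_aware), set()).add(name)
    return store


def remove_at_default(store, name):
    """Model a tool that can only act at the default priority."""
    modules = store.get(DEFAULT_PRIORITY, set())
    if name in modules:
        modules.remove(name)
        return True
    return False


def priorities_of(store, name):
    """All priorities at which a module is installed, highest first."""
    return sorted((p for p, mods in store.items() if name in mods), reverse=True)


# Constructed sample module list standing in for a pre-migration store.
OLD_STORE = ["apache", "mozilla", "local", "permissive_httpd_t"]

if __name__ == "__main__":
    flat = migrate(OLD_STORE, local_aware=False)           # everything at 100
    print(remove_at_default(flat, "permissive_httpd_t"))   # not found at 400
    flat.setdefault(DEFAULT_PRIORITY, set()).add("permissive_httpd_t")
    print(priorities_of(flat, "permissive_httpd_t"))       # now at two priorities
    aware = migrate(OLD_STORE)                             # local modules at 400
    print(remove_at_default(aware, "permissive_httpd_t"))
```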