From: method@manicmethod.com
To: selinux@tycho.nsa.gov, kmacmillan@mentalrootkit.com
Subject: [POLICYREP] [RFC/PATCH 0/3] policy package implementation with xar
Date: Tue, 17 Jul 2007 11:03:36 -0400 [thread overview]
Message-ID: <20070717150336.135143158@manicmethod.com> (raw)
This uses xar <http://code.google.com/p/xar/> to implement policy packages. This brings in a fair number of dependancies, unfortunately, but provides a useful featureset in exchange. This includes transparent compression of files in the package, signature support and so on.
Currently it uses the filename to determine the kind of file (eg., file_context file vs. policy module) which is non-ideal, I think it might be better to use xar attributes in the ToC to specify the file but that means we'd have to implement our own packaging functions and could not use the xar command line utility to create packages. Since we don't currently do anything special like that there is no package_write functionality (or set operators for the implimentation).
I also have concerns about using the module name property as that should be abstract to this code, instead using a xar subdocument could allow us to define the 'name' of the policy as a policy package attribute instead of putting it in the module. This is completely different from how the current code works but I feel like the name should be associated with the policy package rather than the module.
Comments welcome. This is primarilly an RFC to see if this is how we want to handle policy packages, though it should be mergable in its current state if everyone agrees this is the ideal implementation.
FWIW I also looked for more 'lightweight' archival systems and found that no libraries exist for tar, ar or cpio. A quick search of yum only shows one archive library and it is zip format.
--
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next reply other threads:[~2007-07-17 15:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-17 15:03 method [this message]
2007-07-17 15:03 ` [POLICYREP] [RFC/PATCH 1/3] policy package class method
2007-07-17 15:31 ` Karl MacMillan
2007-07-17 16:23 ` Joshua Brindle
2007-07-17 18:30 ` Karl MacMillan
2007-07-17 20:33 ` Joshua Brindle
2007-07-17 21:01 ` Karl MacMillan
2007-07-17 15:03 ` [POLICYREP] [RFC/PATCH 2/3] policy package implementation method
2007-07-17 15:38 ` Karl MacMillan
2007-07-17 16:40 ` Joshua Brindle
2007-07-17 18:35 ` Karl MacMillan
2007-07-17 20:48 ` Joshua Brindle
2007-07-17 20:48 ` Joshua Brindle
2007-07-17 20:56 ` Karl MacMillan
2007-07-17 21:01 ` Joshua Brindle
2007-07-17 21:11 ` Karl MacMillan
2007-07-18 12:32 ` Christopher J. PeBenito
2007-07-17 15:03 ` [POLICYREP] [RFC/PATCH 3/3] policy package tests method
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070717150336.135143158@manicmethod.com \
--to=method@manicmethod.com \
--cc=kmacmillan@mentalrootkit.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.