* Need functions to manipulare users file.
@ 2005-03-17 21:06 Daniel J Walsh
2005-03-17 21:16 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Daniel J Walsh @ 2005-03-17 21:06 UTC (permalink / raw)
To: Stephen Smalley, SELinux
Stephen we want to build a patch to either libselinux or libsepol or a
third library to manipulate the local.users file.
Basically useradd, usermod, userdel and freinds need to call
selinux_adduser(dwalsh, staff_r, sysadm_r, ...)
selinux_deluser(dwalsh)
selinux_moduser(dwalsh, user_r, ...)
Do you think this belongs to libgenpol or libselinux or some third
libary, like tresys has this.
Basically libgenpol understands the file format and libselinux
understands the way selinux
is installed.
Dan
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Need functions to manipulare users file.
2005-03-17 21:06 Need functions to manipulare users file Daniel J Walsh
@ 2005-03-17 21:16 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2005-03-17 21:16 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SELinux
On Thu, 2005-03-17 at 16:06 -0500, Daniel J Walsh wrote:
> Stephen we want to build a patch to either libselinux or libsepol or a
> third library to manipulate the local.users file.
libsepol already has to understand the users source file format for
reading it by sepol_genusers(3), and doesn't depend on running on a
SELinux system. So I think it is likely the right place. Since
libsepol doesn't assume that it is running on a SELinux system and
doesn't want to assume the presence of /etc/selinux/config, the caller
has to provide the path to the users directory, so for example,
load_policy passes the result of selinux_users_path(3), which is
provided by libselinux, to sepol_genusers(3).
Ultimately, the policy source parsing code might be moved into libsepol
so that it not only provides manipulation of binary policies and user
source files but also manipulation of any source.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-03-17 21:16 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-03-17 21:06 Need functions to manipulare users file Daniel J Walsh
2005-03-17 21:16 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.