From: Joshua Brindle <jbrindle@tresys.com>
To: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Cc: alexander-barclay@utulsa.edu, Brandon Pollet <brandon@utulsa.edu>,
SELinux@tycho.nsa.gov, John Hale <john-hale@utulsa.edu>
Subject: Re: XML Based Policy Configuration for SELinux
Date: Wed, 22 Jun 2005 07:22:43 -0400 [thread overview]
Message-ID: <42B94A03.8020508@tresys.com> (raw)
In-Reply-To: <20050622053327.GB14480@lkcl.net>
Luke Kenneth Casson Leighton wrote:
>On Tue, Jun 21, 2005 at 11:46:30PM -0400, Joshua Brindle wrote:
>
>
>
>>>Wish List item 3)
>>>
>>>that the tools that do the converting to/from XML be
>>>written in python!!!
>>>
>>>
>>>
>>>
>>The doctool to generate module.conf, tunables.conf and the html docs for
>>the reference policy is in python :)
>>
>>
>
> wheeeee :)
>
>
>
glad you approve :)
>>>XML is the sort of thing that allows people with very little
>>>understanding of e.g. selinux to write, write, using simple
>>>libraries, their Own Glorious parsing analysis and communication
>>>tools.
>>>
>>>
>>>
>>>
>>>
>>I'm not sure what this means. How does XML help people that don't
>>understand selinux do anything?
>>
>>
>
> to illustrate: i did not need to understand anything about the ordering
> of the application of incoming NAT and incoming firewall rules which
> are different from the ordering of the application of outgoing NAT and
> outgoing firewall rules in order to write my fw_builder.py program,
> which simply takes the output of fwbuilder (an XML file) and spews
> forth a prettified HTML version of the firewall policy.
>
> more later.
>
>
This isn't right. The XML part of this equation is just the route those
authors chose to get a free parser, the tool would work exactly the same
from the user prespective if the file format was binary using
alternating happy faces and frowny faces. It's just the tool and the
developers that have to deal with the backend storage format. It might
be nice in the firewall case to transform the config file into html but
I can't think of a way this is helpful for SELinux policy.
The bottom line is that the tools would be great but the XML has nothing
to do with that.
Joshua
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-06-22 11:22 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-21 17:37 XML Based Policy Configuration for SELinux Brandon Pollet
2005-06-21 18:49 ` Luke Kenneth Casson Leighton
2005-06-21 19:59 ` alexander-barclay
2005-06-21 21:20 ` Luke Kenneth Casson Leighton
2005-06-21 22:11 ` Alex Barclay
2005-06-21 23:45 ` Joshua Brindle
2005-06-22 0:41 ` Luke Kenneth Casson Leighton
2005-06-22 3:46 ` Joshua Brindle
2005-06-22 5:33 ` Luke Kenneth Casson Leighton
2005-06-22 11:22 ` Joshua Brindle [this message]
2005-06-22 22:38 ` Luke Kenneth Casson Leighton
2005-06-23 0:22 ` Ivan Gyurdiev
2005-06-27 16:01 ` Junji Kanemaru
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42B94A03.8020508@tresys.com \
--to=jbrindle@tresys.com \
--cc=SELinux@tycho.nsa.gov \
--cc=alexander-barclay@utulsa.edu \
--cc=brandon@utulsa.edu \
--cc=john-hale@utulsa.edu \
--cc=lkcl@lkcl.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.