* Dropping unused booleans
@ 2005-07-22 19:38 Christopher J. PeBenito
2005-07-22 19:44 ` Joshua Brindle
0 siblings, 1 reply; 2+ messages in thread
From: Christopher J. PeBenito @ 2005-07-22 19:38 UTC (permalink / raw)
To: SELinux Mail List
While testing reference policy, I realized that there are booleans that
weren't being used -- they were declared but not actually used in an
if() statement. In my case, I was testing a targeted policy, and all of
the policies that did use the booleans were excluded. It seems that
this is a bad thing. Since conditional policy is used as a
configuration for setting, it provides the system operator/admin with an
option which has no effect, and thus is extremely misleading. It seems
especially important to not have useless options showing up since this
affects operators, which may know nothing about the policy.
I think the best place to happen would be in checkpolicy/libsepol, since
it has the complete policy's true and false lists for each bool. It
would drop the boolean and throw a non-fatal warning message. Thoughts?
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Dropping unused booleans
2005-07-22 19:38 Dropping unused booleans Christopher J. PeBenito
@ 2005-07-22 19:44 ` Joshua Brindle
0 siblings, 0 replies; 2+ messages in thread
From: Joshua Brindle @ 2005-07-22 19:44 UTC (permalink / raw)
To: Christopher J. PeBenito; +Cc: SELinux Mail List
Christopher J. PeBenito wrote:
>While testing reference policy, I realized that there are booleans that
>weren't being used -- they were declared but not actually used in an
>if() statement. In my case, I was testing a targeted policy, and all of
>the policies that did use the booleans were excluded. It seems that
>this is a bad thing. Since conditional policy is used as a
>configuration for setting, it provides the system operator/admin with an
>option which has no effect, and thus is extremely misleading. It seems
>especially important to not have useless options showing up since this
>affects operators, which may know nothing about the policy.
>
>I think the best place to happen would be in checkpolicy/libsepol, since
>it has the complete policy's true and false lists for each bool. It
>would drop the boolean and throw a non-fatal warning message. Thoughts?
>
>
I think this is correct, this sounds like something post-expand since a
module could declare a boolean that is used by another module (therefore
you can't determine unused booleans until after linking and expanding)
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-07-22 19:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-07-22 19:38 Dropping unused booleans Christopher J. PeBenito
2005-07-22 19:44 ` Joshua Brindle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.