From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Karl MacMillan <kmacmillan@tresys.com>,
selinux@tycho.nsa.gov, jbrindle@tresys.com
Subject: Re: [ SEPOL/SEMANAGE ] Boolean record
Date: Wed, 21 Sep 2005 12:14:06 -0400 [thread overview]
Message-ID: <433186CE.30007@cornell.edu> (raw)
In-Reply-To: <1127312484.2550.16.camel@moss-spartans.epoch.ncsc.mil>
>Then I think you need to hide this type aliasing and interface aliasing
>within libsemanage, and not make it visible in its public headers.
>
Ok, the records will be un-inlined as requested.
I'll also be adding an avrule record soon. Another planned record is one
for the file_context format. This one is clearly semanage-only, since
the file_contexts specification does not live in policy. I'm not sure
how that will be used at this point, but I think it will become
important when we have to deal with labeling home directories. In
general, it would be nice to be able to edit the file_contexts
programmatically (maybe clear dependencies after module removal - not
sure how tresys deals with things like that currently...probably better
to use per-module file_contexts).
> And
>I'm still not clear whether libsemanage should be exporting these
>particular interfaces directly to its users, versus higher level
>interfaces that are internally implemented in terms of the libsepol
>primitives. Do you expect libsemanage clients to be directly doing
>things like semanage_port_compare?
>
>
Probably not, but those interfaces don't do any harm - now you can check
whether two opaque records represent the same data element, without
knowing their structure.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-09-21 16:14 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-20 7:40 [ SEPOL/SEMANAGE ] Boolean record Ivan Gyurdiev
2005-09-20 19:06 ` Stephen Smalley
2005-09-20 19:35 ` Ivan Gyurdiev
2005-09-20 19:56 ` Stephen Smalley
2005-09-20 20:16 ` Ivan Gyurdiev
2005-09-20 20:22 ` Stephen Smalley
2005-09-20 20:48 ` Karl MacMillan
2005-09-20 21:07 ` Ivan Gyurdiev
2005-09-21 14:21 ` Stephen Smalley
2005-09-21 16:14 ` Ivan Gyurdiev [this message]
2005-09-20 21:42 ` Ivan Gyurdiev
2005-09-21 14:35 ` Stephen Smalley
2005-09-21 17:48 ` Karl MacMillan
2005-09-21 17:51 ` Stephen Smalley
2005-09-21 17:53 ` Stephen Smalley
2005-09-21 18:03 ` Karl MacMillan
2005-09-21 18:37 ` Ivan Gyurdiev
2005-09-21 18:33 ` Karl MacMillan
2005-09-22 1:50 ` Ivan Gyurdiev
2005-09-23 12:34 ` Karl MacMillan
2005-09-20 20:45 ` [ SEPOL ] Fix memory leaks Ivan Gyurdiev
2005-09-21 14:44 ` Stephen Smalley
2005-09-21 14:41 ` [ SEPOL/SEMANAGE ] Boolean record Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=433186CE.30007@cornell.edu \
--to=ivg2@cornell.edu \
--cc=jbrindle@tresys.com \
--cc=kmacmillan@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.