From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Karl MacMillan <kmacmillan@tresys.com>,
selinux@tycho.nsa.gov, "'Joshua Brindle'" <jbrindle@tresys.com>
Subject: Re: [PATCH] semanage-functionality 4/17
Date: Wed, 28 Sep 2005 11:21:11 -0400 [thread overview]
Message-ID: <433AB4E7.4080808@cornell.edu> (raw)
In-Reply-To: <1127919144.25945.74.camel@moss-spartans.epoch.ncsc.mil>
>+/* All accesses with semanage is through a "semanage_handle". This
>+ * handler may be with the monolithic policy, directly to a module
>+ * store, or with a policy management server. The handler represents
>+ * a persistent connection to that policy manager. It is created
>+ * through a semanage_connect() call and must be afterwards
>+ * deallocated with semanage_handle_destroy(). */
>+typedef struct semanage_handle semanage_handle_t;
>
>It seems cleaner to separate create from connect, to parallel the
>separation of disconnect from destroy. Further, the implementation
>already makes this easy to do; just need to make the
>semanage_handle_create function exported and change connect to take an
>already created handle rather than creating one of its own. Barring
>objections, I will do this.
>
>
Yes! I was trying to write a sample session with libsemanage yesterday,
to imagine how it would work. I think we should allow queries on local
files with disconnected handles (there's no reason to connect to any
policy server (or create a policydb object), just to enumerate all local
users or booleans (not base), for example).
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-09-28 15:21 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-27 12:46 [PATCH] semanage-functionality 4/17 Karl MacMillan
2005-09-27 16:54 ` Ivan Gyurdiev
2005-09-27 20:08 ` Stephen Smalley
2005-09-27 20:48 ` Ivan Gyurdiev
2005-09-27 20:57 ` Stephen Smalley
2005-09-30 13:02 ` Ivan Gyurdiev
2005-09-30 13:47 ` Karl MacMillan
2005-09-28 15:21 ` Karl MacMillan
2005-09-27 20:38 ` Karl MacMillan
2005-09-27 21:06 ` Ivan Gyurdiev
2005-09-27 21:10 ` Stephen Smalley
2005-09-28 15:15 ` Karl MacMillan
2005-09-28 14:52 ` Stephen Smalley
2005-09-28 15:21 ` Ivan Gyurdiev [this message]
2005-09-28 15:33 ` Karl MacMillan
2005-09-28 15:31 ` Karl MacMillan
2005-09-28 15:59 ` Stephen Smalley
2005-09-28 16:24 ` Karl MacMillan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=433AB4E7.4080808@cornell.edu \
--to=ivg2@cornell.edu \
--cc=jbrindle@tresys.com \
--cc=kmacmillan@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.