From: Joshua Brindle <jbrindle@tresys.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Ivan Gyurdiev <ivg2@cornell.edu>,
SELinux-dev@tresys.com, dwalsh@redhat.com, selinux@tycho.nsa.gov
Subject: Re: [ SEMANAGE ] [ SEPOL ] More database work
Date: Thu, 13 Oct 2005 18:35:50 -0400
Message-ID: <434EE146.3010804@tresys.com>
In-Reply-To: <1129231767.13490.31.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:
> On Tue, 2005-10-11 at 08:51 -0400, Stephen Smalley wrote:
>
>>Any thoughts on the above question? If we leave it publicly defined,
>>then users can still directly allocate/free sepol_module_package's
>>rather than using the provided create/free interfaces and can directly
>>access the policy, file_contexts, and file_context_len fields. Do we
>>anticipate sepol_module_package's including other information in the
>>future?
>>
>>Also, I wanted to note that when I introduced create/free interfaces for
>>sepol_module_package, I had to rename the existing interface named
>>"sepol_module_package_create" to "sepol_module_package_create_file".
>>That interface was for creating a package file from a policy file and a
>>file contexts file, not for creating the struct itself.
>
>
> Patch below hides the sepol_module_package type definition within
> libsepol, committed to cvs.
>
> We still need to decide what to do about the
> sepol_module_package_create_file interface to make it extensible; one
> option is to discard it and require the caller to build up a
> sepol_module_package struct via a create/set_xx/set_yy sequence and then
> use the write interface to write the final package file. It appears that
> we would only need/want a set_file_contexts interface at present, as the
> policydb is allocated by the create interface and can be extracted via
> get and then populated using the other policydb interfaces (read,
> expand_module, etc). The only user of the create_file interface
> presently is semodule_package.
>
> Also need to deal with the package file format itself, i.e. versioning,
> sections, etc. per the discussion on fedora-selinux-list.
>
It also seems like the current CLI for semanage_package is insufficient.
If we are building support into the format and API for sections and
other data, the semanage_package options should reflect what sections
you are filling in with what data, something like

    -f file_contexts
    -m module data

and anything else added later would obviously get an argument.
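
The create/set/write sequence over a hidden type that the quoted message proposes, with a versioned, sectioned output, as an added example that is not part of the original message and is not libsepol code. All `demo_pkg_*` names, the constants and the byte layout are hypothetical, and the file_contexts line is constructed sample input.

```c
/* Added example: demo_pkg_* names and the byte layout are hypothetical, not libsepol's. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Public header part: incomplete type, so callers cannot allocate it or reach its fields. */
typedef struct demo_pkg demo_pkg_t;
/* Library-private part: can gain sections later without breaking callers. */
struct demo_pkg { char *fc; size_t fc_len; };
enum { DEMO_MAGIC = 0x44504b47, DEMO_VERSION = 1, DEMO_SEC_FILE_CONTEXTS = 1 };

int demo_pkg_create(demo_pkg_t **p) { *p = calloc(1, sizeof(**p)); return *p ? 0 : -1; }
void demo_pkg_free(demo_pkg_t *p) { if (p) { free(p->fc); free(p); } }

/* The setter copies the caller's data, so the library owns everything it later frees. */
int demo_pkg_set_file_contexts(demo_pkg_t *p, const char *data, size_t len)
{
    char *copy;
    if (!p || (len && !data) || len > UINT32_MAX - 20) return -1;
    if (!(copy = malloc(len ? len : 1))) return -1;
    if (len) memcpy(copy, data, len);
    free(p->fc); p->fc = copy; p->fc_len = len;
    return 0;
}

/* Fixed little-endian encoding, independent of the host byte order. */
static void put32(uint8_t *o, uint32_t v) { for (int i = 0; i < 4; i++) o[i] = (uint8_t)(v >> (8 * i)); }

/* Layout: magic, version, section count, then {id, length, bytes}; returns bytes written or 0. */
size_t demo_pkg_write(const demo_pkg_t *p, uint8_t *out, size_t cap)
{
    size_t need = 12 + 8 + p->fc_len;
    if (cap < need) return 0; /* never write past the caller's buffer */
    put32(out, DEMO_MAGIC); put32(out + 4, DEMO_VERSION); put32(out + 8, 1);
    put32(out + 12, DEMO_SEC_FILE_CONTEXTS); put32(out + 16, (uint32_t)p->fc_len);
    if (p->fc_len) memcpy(out + 20, p->fc, p->fc_len);
    return need;
}

uint8_t demo_out[128];
/* Caller's view: create, set, write, free. The file_contexts line is constructed. */
size_t demo_build(size_t cap)
{
    static const char fc[] = "/opt/demo(/.*)? system_u:object_r:usr_t:s0\n";
    demo_pkg_t *p; size_t n = 0;
    if (demo_pkg_create(&p) != 0) return 0;
    if (demo_pkg_set_file_contexts(p, fc, sizeof(fc) - 1) == 0) n = demo_pkg_write(p, demo_out, cap);
    demo_pkg_free(p);
    return n;
}
int main(void) { printf("%zu bytes\n", demo_build(sizeof demo_out)); return 0; }
```

A reader of such a format can skip section ids it does not know by using the length field, which is what lets later sections be added without changing the caller-visible type.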