From: Joshua Brindle <jbrindle@tresys.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Ivan Gyurdiev <ivg2@cornell.edu>,
	SELinux-dev@tresys.com, dwalsh@redhat.com, selinux@tycho.nsa.gov
Subject: Re: [ SEMANAGE ] [ SEPOL ] More database work
Date: Fri, 14 Oct 2005 09:33:02 -0400
Message-ID: <434FB38E.3000309@tresys.com>
In-Reply-To: <1129291328.15883.49.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:
> On Thu, 2005-10-13 at 18:35 -0400, Joshua Brindle wrote:
> 
>>>We still need to decide what to do about the
>>>sepol_module_package_create_file interface to make it extensible; one
>>>option is to discard it and require the caller to build up a
>>>sepol_module_package struct via a create/set_xx/set_yy sequence and then
>>>use the write interface to write the final package file.  It appears that
>>>we would only need/want a set_file_contexts interface at present, as the
>>>policydb is allocated by the create interface and can be extracted via
>>>get and then populated using the other policydb interfaces (read,
>>>expand_module, etc).  The only user of the create_file interface
>>>presently is semodule_package.
>>>
>>>Also need to deal with the package file format itself, i.e. versioning,
>>>sections, etc. per the discussion on fedora-selinux-list.
>>>
>>
>>It also seems like the current CLI for semanage_package is insufficient. 
>>If we are building support into the format and API for sections and 
>>other data the semanage_package options should reflect what sections 
>>you are filling in with what data, something like
>>
>>-f file_contexts
>>-m module data
>>
>>and anything else added later would obviously get an argument.
> 
> 
> Does it ever make sense to build a package without a module?  If not,
> then I think we can leave the module as a required argument, and only
> make things like file contexts and other components option-driven. 
Sure, I was expecting it to be required, but still use an argument; it 
doesn't matter to me though.

> It
> might also help to in some way more clearly distinguish the output file
> from the input arguments to avoid accidentally clobbering a module (I've
> done that before) with semodule_package, either via explicit -o option
> like checkmodule/checkpolicy (with some default output filename) or have
> semodule_package refuse to clobber an existing file.
> .

Yes, another thing I expected to do but didn't mention because it wasn't 
relevant to the file format itself. I've also clobbered modules though :)

