* Stability of libsepol and libsemanage?
From: Thomas Bleher @ 2005-11-09 13:40 UTC
To: SELinux ML
I'm currently filing wishlist bugs in the SUSE bugzilla against various
packages regarding SELinux support. SUSE is currently missing libsepol
and libsemanage, so I wondered if it is safe to add the development
versions now, considering the many patches that are applied now.
Are the libraries as they are now safe to be used in a release or will
there be incompatible changes so it would be better to wait for a while?
Thanks for your answer,
Thomas
--
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Stability of libsepol and libsemanage?
From: Stephen Smalley @ 2005-11-09 13:52 UTC
To: Thomas Bleher; +Cc: SELinux ML
On Wed, 2005-11-09 at 14:40 +0100, Thomas Bleher wrote:
> I'm currently filing wishlist bugs in the SUSE bugzilla against various
> packages regarding SELinux support. SUSE is currently missing libsepol
> and libsemanage, so I wondered if it is safe to add the development
> versions now, considering the many patches that are applied now.
> Are the libraries as they are now safe to be used in a release or will
> there be incompatible changes so it would be better to wait for a while?
We only guarantee ABI stability for nsa.gov releases, not sourceforge
CVS snapshots. So, if you want such a guarantee, you should wait.
It likely won't be long now until we make an updated release.
--
Stephen Smalley
National Security Agency
* Re: Stability of libsepol and libsemanage?
From: Stephen Smalley @ 2005-11-09 14:06 UTC
To: Thomas Bleher; +Cc: Russell Coker, Manoj Srivastava, SELinux ML
On Wed, 2005-11-09 at 08:52 -0500, Stephen Smalley wrote:
> On Wed, 2005-11-09 at 14:40 +0100, Thomas Bleher wrote:
> > I'm currently filing wishlist bugs in the SUSE bugzilla against various
> > packages regarding SELinux support. SUSE is currently missing libsepol
> > and libsemanage, so I wondered if it is safe to add the development
> > versions now, considering the many patches that are applied now.
> > Are the libraries as they are now safe to be used in a release or will
> > there be incompatible changes so it would be better to wait for a while?
>
> We only guarantee ABI stability for nsa.gov releases, not sourceforge
> CVS snapshots. So, if you want such a guarantee, you should wait.
> It likely won't be long now until we make an updated release.
Note btw that many of the SELinux userland patches have also changed
(see the Fedora public CVS tree), e.g. sysvinit-selinux.patch now takes
advantage of a new libselinux function to handle all of the details,
pam_selinux and patches for sshd, crond, etc now use getseuserbyname()
to map the Linux user to a SELinux user and (optionally) level prior to
calling get_default_context or get_ordered_context_list, etc. Hence,
when you update to the next release of the libraries, you should also
revisit your ports of the SELinux userland patches for your distros.
--
Stephen Smalley
National Security Agency
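The mapping step described in the message above (Linux user to SELinux user and optional level, done before get_default_context or get_ordered_context_list), as an added example that is not part of the original message and is not libselinux code: a simplified stand-alone model of an seusers lookup. The `name:seuser[:range]` entry layout, the `__default__` fallback, the sample entries and the names `match_entry` and `map_linux_user` are assumptions of this example; group entries are left out.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample entries; assumed layout is name:seuser[:range]. */
static const char *SEUSERS[] = {
    "# constructed sample, not taken from a real system",
    "alice:staff_u:s0-s0:c0.c255",
    "bob:user_u",
    "__default__:user_u:s0",
};
#define N_ENTRIES (sizeof SEUSERS / sizeof SEUSERS[0])

/* Split on the first two ':' only: the raw range itself contains ':'.
 * Returns 0 = other name, 1 = match, -1 = name matches but entry unusable. */
static int match_entry(const char *line, const char *name,
                       char *seuser, size_t ulen, char *range, size_t rlen)
{
    const char *c1 = strchr(line, ':'), *c2, *r;
    size_t nlen, slen;
    if (line[0] == '#' || !c1) return 0;   /* comment or no seuser field */
    nlen = (size_t)(c1 - line);
    if (nlen != strlen(name) || strncmp(line, name, nlen) != 0) return 0;
    c2 = strchr(c1 + 1, ':');
    slen = c2 ? (size_t)(c2 - c1 - 1) : strlen(c1 + 1);
    r = c2 ? c2 + 1 : "";                  /* range is optional */
    if (slen == 0 || slen >= ulen || strlen(r) >= rlen) return -1;
    memcpy(seuser, c1 + 1, slen);
    seuser[slen] = '\0';
    strcpy(range, r);
    return 1;
}

/* Hypothetical lookup: exact Linux user, then __default__. A broken entry
 * for the user fails the lookup instead of falling through to the default. */
int map_linux_user(const char *linuxuser, char *seuser, size_t ulen,
                   char *range, size_t rlen)
{
    const char *keys[2] = { linuxuser, "__default__" };
    for (int k = 0, m; k < 2; k++)
        for (size_t i = 0; i < N_ENTRIES; i++)
            if ((m = match_entry(SEUSERS[i], keys[k], seuser, ulen, range, rlen)))
                return m > 0 ? 0 : -1;
    return -1;
}

int main(void)
{
    char su[64], rg[64];
    if (map_linux_user("alice", su, sizeof su, rg, sizeof rg) != 0) return 1;
    return printf("alice -> %s [%s]\n", su, rg) < 0;
}
```

The range comes back in its raw form, which matches the thread's point that seusers holds only a partial context and does not go through translation.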
* MLS translations for libsemanage and libsepol
From: Ivan Gyurdiev @ 2005-11-09 22:31 UTC
To: Stephen Smalley; +Cc: dwalsh, selinux, SELinux-dev
>
>
> seusers is a little unclear; it presently has to use the raw definitions
> because it is only a partial context (just the range), so it isn't going
> through conversion. GUI for seusers modification would likely apply
> translation itself for presentation to admins.
>
What's the justification for doing translations in libselinux (the
library), while placing that responsibility on the caller for
libsemanage, and sepol? Maybe we should be doing translations for:
- policydb_context_isvalid
- any new functions added to libsepol to check validity and dominance of
mls ranges (for seusers)
- se[pol/manage]_context_from_string
- se[pol/manage]_context_to_string
- se[pol/manage]_context_get_mls
- se[pol/manage]_context_set_mls
- se[pol/manage]_user_get_mlslevel (?? - are categories supposed to be
rejected here)
- se[pol/manage]_user_set_mlslevel (?? - are they actually rejected, or
just ignored..hmm)
- se[pol/manage]_user_get_mlsrange
- se[pol/manage]_user_set_mlsrange
- se[pol/manage]_seuser_get_mlsrange
- se[pol/manage]_seuser_set_mlsrange
* Re: MLS translations for libsemanage and libsepol
From: Stephen Smalley @ 2005-11-10 12:30 UTC
To: Ivan Gyurdiev; +Cc: dwalsh, selinux, SELinux-dev
On Wed, 2005-11-09 at 17:31 -0500, Ivan Gyurdiev wrote:
> What's the justification for doing translations in libselinux (the
> library), while placing that responsibility on the caller for
> libsemanage, and sepol? Maybe we should be doing translations for:
Translation is done in the context of a system's running policy, whereas
libsepol and libsemanage are operating on a policy object that may
differ from the system's running policy.
--
Stephen Smalley
National Security Agency
* Re: MLS translations for libsemanage and libsepol
From: Stephen Smalley @ 2005-11-10 12:42 UTC
To: Ivan Gyurdiev; +Cc: dwalsh, selinux, SELinux-dev
On Thu, 2005-11-10 at 07:30 -0500, Stephen Smalley wrote:
> On Wed, 2005-11-09 at 17:31 -0500, Ivan Gyurdiev wrote:
> > What's the justification for doing translations in libselinux (the
> > library), while placing that responsibility on the caller for
> > libsemanage, and sepol? Maybe we should be doing translations for:
>
> Translation is done in the context of a system's running policy, whereas
> libsepol and libsemanage are operating on a policy object that may
> differ from the system's running policy.
Note that this precisely follows the division between libselinux and the
other two libraries; libselinux is the interface for applications
running on a SELinux host, while libsepol allows manipulation (including
building) of policies on even non-SELinux (or SELinux with different
running policy) hosts. libsemanage lives in the middle, managing policy
on a SELinux host but needing to deal with policies before they are
loaded into the system, so it cannot assume that e.g. contexts it is
handling are necessarily valid yet for the running policy.
--
Stephen Smalley
National Security Agency