Re: [SEPOL][SEMANAGE] Nodecon Support: Try 1

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ivan Gyurdiev <ivg2@cornell.edu>
To: SELinux List <SELinux@tycho.nsa.gov>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	Joshua Brindle <jbrindle@tresys.com>,
	Chad Hanson <chanson@TrustedCS.com>
Subject: Re: [SEPOL][SEMANAGE] Nodecon Support: Try 1
Date: Fri, 10 Feb 2006 18:21:25 -0500	[thread overview]
Message-ID: <43ED1FF5.2050802@cornell.edu> (raw)
In-Reply-To: <43E9AA00.3010803@cornell.edu>

> Attached is a resync of the same patch to current CVS.
Ok, this patch needs more work, I guess.

According to Chad Hanson (on IRC) the kernel reorders by netmask, which 
will not work with this patch.
If this is the case, then this problem is equivalent to the issue with 
ports - namely, the strategy to replace exact key match, and prepend 
everything else in front does not work, and creates problems. The code 
needs to be smarter on updates - needs to edit port ranges and nodecon 
entries that are overridden locally, and make the appropriate changes.

Other comments by Chad:
- no preference on byte order  - should probably follow policy 
convention (network byte order?)
- byte arrays are better than integer ones

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2006-02-10 23:21 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-02-05 21:01 [SEPOL][SEMANAGE] Nodecon Support: Try 1 Ivan Gyurdiev
2006-02-06  1:07 ` Ivan Gyurdiev
2006-02-08  8:21   ` Ivan Gyurdiev
2006-02-10 23:21     ` Ivan Gyurdiev [this message]
2006-02-14 19:02     ` Stephen Smalley
  -- strict thread matches above, loose matches on Subject: below --
2006-02-11  1:55 Chad Hanson
2006-02-11  3:34 ` Ivan Gyurdiev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43ED1FF5.2050802@cornell.edu \
    --to=ivg2@cornell.edu \
    --cc=SELinux@tycho.nsa.gov \
    --cc=chanson@TrustedCS.com \
    --cc=jbrindle@tresys.com \
    --cc=sds@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.