* [PATCH] add sepolgen
@ 2007-01-31 16:43 Karl MacMillan
2007-02-05 18:59 ` Stephen Smalley
0 siblings, 1 reply; 3+ messages in thread
From: Karl MacMillan @ 2007-01-31 16:43 UTC (permalink / raw)
To: SELinux Mail List
The patch at [1] adds the sepolgen python library for policy generation
and a new implementation of audit2allow based on this library. The
library has facilities for:
* parsing audit messages
* parsing and representing policy (including refpolicy interfaces)
* manipulating / transforming policy (e.g., adding require statements)
* generating policy from access requests / audit messages (including
calls to refpolicy interfaces)
* outputting policy as text
* compiling policy modules
All of the requested updates from the previous review have been made.
Notes for packaging:
* This adds a new dependency between policycoreutils and sepolgen
* The tool sepolgen-ifgen needs to be run to extract information from
the reference policy headers for audit2allow to generate refpolicy. The
rpm spec file at
http://hg.et.redhat.com/selinux/madison?f=b26375c7641a;file=madison.spec
shows how I did this.
* Audit2allow currently has a few regressions from the old version. This
will be fixed soon.
[1]
http://people.redhat.com/kmacmill/patches/selinux/sepolgen-initial-submission.patch.gz
Signed-off-by: Karl MacMillan <kmacmillan@mentalrootkit.com>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] add sepolgen
2007-01-31 16:43 [PATCH] add sepolgen Karl MacMillan
@ 2007-02-05 18:59 ` Stephen Smalley
2007-02-06 20:40 ` Karl MacMillan
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2007-02-05 18:59 UTC (permalink / raw)
To: Karl MacMillan; +Cc: SELinux Mail List
On Wed, 2007-01-31 at 11:43 -0500, Karl MacMillan wrote:
> The patch at [1] adds the sepolgen python library for policy generation
> and a new implementation of audit2allow based on this library. The
> library has facilities for:
>
> * parsing audit messages
> * parsing and representing policy (including refpolicy interfaces)
> * manipulating / transforming policy (e.g., adding require statements)
> * generating policy from access requests / audit messages (including
> calls to refpolicy interfaces)
> * outputting policy as text
> * compiling policy modules
>
> All of the requested updates from the previous review have been made.
>
> Notes for packaging:
>
> * This adds a new dependency between policycoreutils and sepolgen
> * The tool sepolgen-ifgen needs to be run to extract information from
> the reference policy headers for audit2allow to generate refpolicy. The
> rpm spec file at
> http://hg.et.redhat.com/selinux/madison?f=b26375c7641a;file=madison.spec
> shows how I did this.
> * Audit2allow currently has a few regressions from the old version. This
> will be fixed soon.
>
> [1]
> http://people.redhat.com/kmacmill/patches/selinux/sepolgen-initial-submission.patch.gz
>
> Signed-off-by: Karl MacMillan <kmacmillan@mentalrootkit.com>
Thanks, merged on the trunk. Please check that it is complete and
up-to-date with your own tree.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] add sepolgen
2007-02-05 18:59 ` Stephen Smalley
@ 2007-02-06 20:40 ` Karl MacMillan
0 siblings, 0 replies; 3+ messages in thread
From: Karl MacMillan @ 2007-02-06 20:40 UTC (permalink / raw)
To: Stephen Smalley; +Cc: SELinux Mail List
Stephen Smalley wrote:
> On Wed, 2007-01-31 at 11:43 -0500, Karl MacMillan wrote:
>> The patch at [1] adds the sepolgen python library for policy generation
>> and a new implementation of audit2allow based on this library. The
>> library has facilities for:
>>
>> * parsing audit messages
>> * parsing and representing policy (including refpolicy interfaces)
>> * manipulating / transforming policy (e.g., adding require statements)
>> * generating policy from access requests / audit messages (including
>> calls to refpolicy interfaces)
>> * outputting policy as text
>> * compiling policy modules
>>
>> All of the requested updates from the previous review have been made.
>>
>> Notes for packaging:
>>
>> * This adds a new dependency between policycoreutils and sepolgen
>> * The tool sepolgen-ifgen needs to be run to extract information from
>> the reference policy headers for audit2allow to generate refpolicy. The
>> rpm spec file at
>> http://hg.et.redhat.com/selinux/madison?f=b26375c7641a;file=madison.spec
>> shows how I did this.
>> * Audit2allow currently has a few regressions from the old version. This
>> will be fixed soon.
>>
>> [1]
>> http://people.redhat.com/kmacmill/patches/selinux/sepolgen-initial-submission.patch.gz
>>
>> Signed-off-by: Karl MacMillan <kmacmillan@mentalrootkit.com>
>
> Thanks, merged on the trunk. Please check that it is complete and
> up-to-date with your own tree.
>
Looks correct and up-to-date with all of the completed patches.
Karl
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-02-06 20:40 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-01-31 16:43 [PATCH] add sepolgen Karl MacMillan
2007-02-05 18:59 ` Stephen Smalley
2007-02-06 20:40 ` Karl MacMillan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.