* avc_* functions not in libselinux-python @ 2008-04-08 22:02 Xavier Toth 2008-04-09 17:30 ` Stephen Smalley 0 siblings, 1 reply; 6+ messages in thread From: Xavier Toth @ 2008-04-08 22:02 UTC (permalink / raw) To: SE Linux, Eamon Walsh, Daniel J Walsh Can these functions get swig'd and their wrappers built into _selinux.so? -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: avc_* functions not in libselinux-python 2008-04-08 22:02 avc_* functions not in libselinux-python Xavier Toth @ 2008-04-09 17:30 ` Stephen Smalley 2008-04-09 20:30 ` Xavier Toth 0 siblings, 1 reply; 6+ messages in thread From: Stephen Smalley @ 2008-04-09 17:30 UTC (permalink / raw) To: Xavier Toth; +Cc: SE Linux, Eamon Walsh, Daniel J Walsh On Tue, 2008-04-08 at 17:02 -0500, Xavier Toth wrote: > Can these functions get swig'd and their wrappers built into _selinux.so? Patches accepted. One possible issue here is function pointer callbacks, which is a more general problem than just the avc interfaces in libselinux. But if you are ok with the default callbacks, I suppose there is no problem there. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: avc_* functions not in libselinux-python 2008-04-09 17:30 ` Stephen Smalley @ 2008-04-09 20:30 ` Xavier Toth 2008-06-10 13:49 ` Stephen Smalley 0 siblings, 1 reply; 6+ messages in thread From: Xavier Toth @ 2008-04-09 20:30 UTC (permalink / raw) To: Stephen Smalley; +Cc: SE Linux, Eamon Walsh, Daniel J Walsh For now I don't think that's a problem as I was looking at using avc_has_perm and the context to sid conversion function. On Wed, Apr 9, 2008 at 12:30 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Tue, 2008-04-08 at 17:02 -0500, Xavier Toth wrote: > > Can these functions get swig'd and their wrappers built into _selinux.so? > > Patches accepted. > > One possible issue here is function pointer callbacks, which is a more > general problem than just the avc interfaces in libselinux. But if you > are ok with the default callbacks, I suppose there is no problem there. > > -- > Stephen Smalley > National Security Agency > > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: avc_* functions not in libselinux-python 2008-04-09 20:30 ` Xavier Toth @ 2008-06-10 13:49 ` Stephen Smalley 2008-06-10 14:18 ` Ted X Toth 0 siblings, 1 reply; 6+ messages in thread From: Stephen Smalley @ 2008-06-10 13:49 UTC (permalink / raw) To: Xavier Toth; +Cc: SE Linux, Eamon Walsh, Daniel J Walsh On Wed, 2008-04-09 at 15:30 -0500, Xavier Toth wrote: > For now I don't think that's a problem as I was looking at using > avc_has_perm and the context to sid conversion function. What's the status on this? I see patches in the Fedora libselinux package to add the AVC interfaces to the swig bindings, but they aren't upstream. Do they work as expected? Should they be upstreamed? > > On Wed, Apr 9, 2008 at 12:30 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > > > On Tue, 2008-04-08 at 17:02 -0500, Xavier Toth wrote: > > > Can these functions get swig'd and their wrappers built into _selinux.so? > > > > Patches accepted. > > > > One possible issue here is function pointer callbacks, which is a more > > general problem than just the avc interfaces in libselinux. But if you > > are ok with the default callbacks, I suppose there is no problem there. > > > > -- > > Stephen Smalley > > National Security Agency > > > > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: avc_* functions not in libselinux-python 2008-06-10 13:49 ` Stephen Smalley @ 2008-06-10 14:18 ` Ted X Toth 2008-06-10 14:28 ` Stephen Smalley 0 siblings, 1 reply; 6+ messages in thread From: Ted X Toth @ 2008-06-10 14:18 UTC (permalink / raw) To: Stephen Smalley; +Cc: SE Linux, Eamon Walsh, Daniel J Walsh Stephen Smalley wrote: > On Wed, 2008-04-09 at 15:30 -0500, Xavier Toth wrote: > >> For now I don't think that's a problem as I was looking at using >> avc_has_perm and the context to sid conversion function. >> > > What's the status on this? I see patches in the Fedora libselinux > package to add the AVC interfaces to the swig bindings, but they aren't > upstream. Do they work as expected? The interfaces I'm using (avc_open, avc_reset, avc_context_to_sid, avc_has_perm_noaudit) are working as expected. > Should they be upstreamed? > > I think so. >> On Wed, Apr 9, 2008 at 12:30 PM, Stephen Smalley <sds@tycho.nsa.gov> wrote: >> >>> On Tue, 2008-04-08 at 17:02 -0500, Xavier Toth wrote: >>> > Can these functions get swig'd and their wrappers built into _selinux.so? >>> >>> Patches accepted. >>> >>> One possible issue here is function pointer callbacks, which is a more >>> general problem than just the avc interfaces in libselinux. But if you >>> are ok with the default callbacks, I suppose there is no problem there. >>> >>> -- >>> Stephen Smalley >>> National Security Agency >>> >>> >>> >> -- >> This message was distributed to subscribers of the selinux mailing list. >> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with >> the words "unsubscribe selinux" without quotes as the message. >> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: avc_* functions not in libselinux-python 2008-06-10 14:18 ` Ted X Toth @ 2008-06-10 14:28 ` Stephen Smalley 0 siblings, 0 replies; 6+ messages in thread From: Stephen Smalley @ 2008-06-10 14:28 UTC (permalink / raw) To: Ted X Toth; +Cc: SE Linux, Eamon Walsh, Daniel J Walsh On Tue, 2008-06-10 at 09:18 -0500, Ted X Toth wrote: > Stephen Smalley wrote: > > On Wed, 2008-04-09 at 15:30 -0500, Xavier Toth wrote: > > > >> For now I don't think that's a problem as I was looking at using > >> avc_has_perm and the context to sid conversion function. > >> > > > > What's the status on this? I see patches in the Fedora libselinux > > package to add the AVC interfaces to the swig bindings, but they aren't > > upstream. Do they work as expected? > The interfaces I'm using (avc_open, avc_reset, avc_context_to_sid, > avc_has_perm_noaudit) are working as expected. > > > Should they be upstreamed? > > > > > I think so. Ok, can you or Dan split that out and submit it please. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2008-06-10 14:28 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2008-04-08 22:02 avc_* functions not in libselinux-python Xavier Toth 2008-04-09 17:30 ` Stephen Smalley 2008-04-09 20:30 ` Xavier Toth 2008-06-10 13:49 ` Stephen Smalley 2008-06-10 14:18 ` Ted X Toth 2008-06-10 14:28 ` Stephen Smalley
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.