Re: releasibility in mcstransd

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joshua Brindle <method@manicmethod.com>
To: Joe Nall <joe@nall.com>
Cc: Chad Hanson <chanson@TrustedCS.com>,
	SE Linux <selinux@tycho.nsa.gov>,
	Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: releasibility in mcstransd
Date: Fri, 20 Jun 2008 14:26:22 -0400	[thread overview]
Message-ID: <485BF64E.9060905@manicmethod.com> (raw)
In-Reply-To: <FBDB910C-1B8E-4DCD-A427-6EF0B161F329@nall.com>

Joe Nall wrote:
> 
> On Jun 20, 2008, at 10:37 AM, Joshua Brindle wrote:
> 
>> Joe Nall wrote:
>>>
>>> ...
>>> Attached is a source rpm based on the mcstransd we are using internally.
>>> It can translate ranges that look like:
>>>
>> Thanks for this. I started looking at the diff and it is pretty
>> significant, it might take me a while to get through it all. One thing
>> I noticed immediately is that you are duplicating interfaces present
>> in libsepol such as mls_level_to_string, mls_level_from_string and
>> importing private headers from libsepol.
> 
> IIRC, the functions were not exported. I'm more than willing to drop
> those routines and use libsepol.
> 
>> I don't think we want to proceed this way. If possible we should be
>> using the libsepol interfaces and encapsulating the private types as
>> necessary.
> 
> I agree
> 

Stephen: What do you think we should do about this? We've talked about losing some of the encapsulation in libsepol but that was related to policydb. Should we just export the mls types for now and use those or continue by making them opaque? Since this mcstrans does alot of operations on them it might make making them opaque difficult. We could probably move alot of the functionality out of mcstrans and in to libsepol but that would be coupling our libs to this particular translation scheme which I thought we were trying to avoid?

>> The ebitmap operations can certainly be put in libsepol but shouldn't
>> be called directly the way they are.
> 
> I like to putting the additional ebitmap functions in libsepol. I was
> hoping Stephen would make them faster too :) I don't understand the
> 'shouldn't be called directly the way they are' comment.
> 

ebitmaps aren't exported so you'd never actually have an unencapsulated one in the application. 

>> It looks like quite a few todo's and hacks are in there as well.
> 
> Yep. It got to this mostly workable state some time ago and other things
> have taken precedence since.
> 
>> I'll try to help as much as I can, and hopefully we can get this in
>> good shape to merge in to Dan's codebase. Are you going to have any
>> time to work on this?
> 
> Yes. I really want to get some conversion constraints in before OLS.
> Things like REL and NOFORN don't go together. An interface to export
> which bits are 'inverse' would be very handy within our applications
> code. The semanage translation code is broken/obsoleted by these changes
> too.
> 

What about semanage? Is it doing translations without calling the translation interfaces that talk to the server?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2008-06-20 18:26 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-06-09 20:25 releasibility in mcstransd Joshua Brindle
2008-06-09 20:50 ` Paul Moore
2008-06-09 21:04 ` Chad Hanson
2008-06-11  3:04   ` Joe Nall
2008-06-11 14:11     ` Daniel J Walsh
2008-06-20 15:37     ` Joshua Brindle
2008-06-20 18:14       ` Joe Nall
2008-06-20 18:26         ` Joshua Brindle [this message]
2008-06-20 18:34           ` Joe Nall
2008-06-27 11:51             ` Daniel J Walsh
2008-06-27 13:42               ` Joshua Brindle
2008-06-27 18:41                 ` Paul Moore
2008-06-27 18:56                   ` Joshua Brindle
2008-07-08 15:54                     ` Joe Nall
2008-07-08 17:11                       ` Stephen Smalley
2008-07-08 17:22                       ` Joshua Brindle
2008-06-20 18:41           ` Joe Nall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=485BF64E.9060905@manicmethod.com \
    --to=method@manicmethod.com \
    --cc=chanson@TrustedCS.com \
    --cc=joe@nall.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.