Re: [Patch 2/2] libsemanage: remember and retrieve dontaudit settings

[Christopher Pardy <cpardy@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 2691 bytes --]

On 07/02/2009 10:13 AM, Stephen Smalley wrote:
> On Thu, 2009-07-02 at 09:55 -0400, Christopher Pardy wrote:
>    
>> It's not that a program would use this that couldn't link against
>> libsemanage the functionality just seemed closer to that of the
>> functions in libselinux, I've been doing alot of work on fedora stuff
>> It seems to me  that 90% of the code in libsemanage is handle
>> dependent functions. libselinux seems to be more of a global setting
>> kind of deal. so it made sense to put it here. Let me know if this
>> isn't the case
>>      
>
> Unless you envision this interface being called by non-management
> programs, I think it is reasonable to require them to link against
> libsemanage and use an interface provided by it.
>
>    
If I'm not mistaken disabling dontaudit rules will cause more AVCs, if 
this is the case then programs like SETroubleshoot would want to know if 
dontaudit rules are turned on. Additionally see my previous explaination 
as to why the two are separated.
>>> This doesn't make sense to me - we check whether we've already set
>>> disable dontaudit and use that to decide whether to create the file?
>>> But the existence of the file is what would have triggered setting
>>> disable dontaudit in the first place.  Round and round we go...
>>>
>>>        
>> When we create the handle we set it's default property to the system
>> default. When we commit a handle we set the system default property to
>> the handles property. In between it is fully possible to that we have
>> called a set_disable_dontaudit to change the value in the handle. If
>> you would rather I checked if the two were different first I can.
>>      
>
> Hmmm...but if the flag file is private to the store, then you can just
> create or remove it directly from semanage_set_disable_dontaudit(), and
> you won't need to do this at commit.  At which point you seemingly don't
> need the libsepol or libsemanage get functions.
>
>    
If the flag file was created at time of semanage_set_disable_dontaudit() 
it would reflect a pending state and not an actual state, if for some 
reason commit was never called or simply failed it would incorrectly 
reflect the state of the system. By creating the file only after a 
successful commit the file correctly identifies our actual state. While 
the get functions correctly identify our pending state.
> BTW, to create a new file in the store, you'll want to extend
> semanage_sandbox_defs in semanage_store.h with a
> SEMANAGE_DISABLE_DONTAUDIT value and use
> semanage_fname(SEMANAGE_DISABLE_DONTAUDIT) to obtain the pathname to the
> flag file.
>
>    
Thanks for that, I'll get a new version of the patch out shortly.

[-- Attachment #2: Type: text/html, Size: 3443 bytes --]