From: Stephen Smalley <sds@tycho.nsa.gov>
To: Artyom Smirnov <artyom.smirnov@red-soft.biz>, selinux@tycho.nsa.gov
Subject: Re: [PATCH] Add db_exception and db_datatype support to label_db backend
Date: Thu, 26 Jun 2014 10:52:39 -0400 [thread overview]
Message-ID: <53AC33B7.601@tycho.nsa.gov> (raw)
In-Reply-To: <1403713561-15016-1-git-send-email-artyom.smirnov@red-soft.biz>
On 06/25/2014 12:26 PM, Artyom Smirnov wrote:
> Hi,
>
> in https://github.com/TresysTechnology/refpolicy/pull/1 db_exception
> and db_datatype were added to reference policy. This small patch
> extends ability of label_db backend to work with these objects.
>
> Regards.
> ---
> libselinux/include/selinux/label.h | 2 ++
> libselinux/man/man5/selabel_db.5 | 12 ++++++++++++
> libselinux/src/label_db.c | 4 ++++
> 3 files changed, 18 insertions(+)
Thanks, applied on #next
>
> diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
> index c63ea7d..672a7c2 100644
> --- a/libselinux/include/selinux/label.h
> +++ b/libselinux/include/selinux/label.h
> @@ -131,6 +131,8 @@ void selabel_stats(struct selabel_handle *handle);
> #define SELABEL_DB_BLOB 8
> #define SELABEL_DB_TUPLE 9
> #define SELABEL_DB_LANGUAGE 10
> +#define SELABEL_DB_EXCEPTION 11
> +#define SELABEL_DB_DATATYPE 12
>
> #ifdef __cplusplus
> }
> diff --git a/libselinux/man/man5/selabel_db.5 b/libselinux/man/man5/selabel_db.5
> index 51b5848..76eb9bc 100644
> --- a/libselinux/man/man5/selabel_db.5
> +++ b/libselinux/man/man5/selabel_db.5
> @@ -86,6 +86,16 @@ argument specifies the name of a view object, such as "postgres.public.my_view".
> The
> .I object_name
> argument specifies the name of a language object, such as "postgres.public.tcl".
> +.TP
> +.B SELABEL_DB_EXCEPTION
> +The
> +.I object_name
> +argument specifies the name of a exception object.
> +.TP
> +.B SELABEL_DB_DATATYPE
> +The
> +.I object_name
> +argument specifies the name of a type or domain object, such as postgres.public.my_type.
> .RE
> .sp
> Any messages generated by \fBselabel_lookup\fR(3) are sent to \fIstderr\fR
> @@ -135,6 +145,8 @@ SELABEL_DB_TUPLE@db_tuple
> SELABEL_DB_PROCEDURE@db_procedure
> SELABEL_DB_SEQUENCE@db_sequence
> SELABEL_DB_BLOB@db_blob
> +SELABEL_DB_EXCEPTION@db_exception
> +SELABEL_DB_DATATYPE@db_datatype
> .TE
> .
> .SH "FILE FORMAT"
> diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c
> index ab0696a..999dd46 100644
> --- a/libselinux/src/label_db.c
> +++ b/libselinux/src/label_db.c
> @@ -140,6 +140,10 @@ process_line(const char *path, char *line_buf, unsigned int line_num,
> spec->type = SELABEL_DB_TUPLE;
> else if (!strcmp(type, "db_language"))
> spec->type = SELABEL_DB_LANGUAGE;
> + else if (!strcmp(type, "db_exception"))
> + spec->type = SELABEL_DB_EXCEPTION;
> + else if (!strcmp(type, "db_datatype"))
> + spec->type = SELABEL_DB_DATATYPE;
> else {
> selinux_log(SELINUX_WARNING,
> "%s: line %d has invalid object type %s\n",
>
prev parent reply other threads:[~2014-06-26 14:52 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-25 16:26 [PATCH] Add db_exception and db_datatype support to label_db backend Artyom Smirnov
2014-06-26 14:52 ` Stephen Smalley [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53AC33B7.601@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=artyom.smirnov@red-soft.biz \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.