From mboxrd@z Thu Jan  1 00:00:00 1970
Subject: Re: genhomedircon USERID and USERNAME patches
To: Stephen Smalley <sds@tycho.nsa.gov>, selinux@tycho.nsa.gov
References: <20160201093633.GB21978@meriadoc.perfinion.com>
 <1460131535-15688-1-git-send-email-jason@perfinion.com>
 <CAJfZ7=mZnyW8-+BH02VJX7fBONyJTOHjHmkqByidz8cWw37Lcg@mail.gmail.com>
 <570CF09E.10100@tycho.nsa.gov> <570D079B.40106@tresys.com>
 <570E74FA.8060600@gmail.com> <570E7B15.6090906@tycho.nsa.gov>
 <570E7D73.5060302@gmail.com>
From: Dominick Grift <dac.override@gmail.com>
Message-ID: <570E7F5A.8060006@gmail.com>
Date: Wed, 13 Apr 2016 19:18:18 +0200
MIME-Version: 1.0
In-Reply-To: <570E7D73.5060302@gmail.com>
Content-Type: text/plain; charset=utf-8
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
 <selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 04/13/2016 07:10 PM, Dominick Grift wrote:
> On 04/13/2016 07:00 PM, Stephen Smalley wrote:
>> On 04/13/2016 12:34 PM, Dominick Grift wrote:
>>> On 04/12/2016 04:35 PM, Christopher J. PeBenito wrote:
>>> 
>>>> Right, the script that refpolicy has is only used on 
>>>> monolithic builds.
>>> 
>>> 
>>> As I recall, last time i tried it, it was not working on a 
>>> redhat-based system. Probably bit-rot has set in. There is
>>> also some hard-coding going on in there i believe.
>>> 
>>> Someone with c-skills should rewrite it in c, make it truly 
>>> portable. That way it can be used with both monolithic as well
>>> as modular policy (i don't mean binary-based module policy here
>>> but text-based module policy that otherwise does not require
>>> the presence of semodule)
> 
>> Even CIL-based modules are installed via semodule and managed via
>>  libsemanage, and libsemanage already contains a C
>> implementation of genhomedircon.
> 
> 
> 
> Let me correct that:
> 
> "Even CIL-based modules can be installed via semodule and managed
> via libsemanage, and libsemanage already contains a C
> implementation of genhomedircon."
> 
> 
> that is not my point though. My point is: since we need a working 
> genhomedircon for monolithic policy, we might cease the opportunity
> to also support text-based module policy which can be installed
> via semodule and managed via libsemanage, but does not strictly
> require that .
> 

Make that "seize" instead (i think)


> 
> 

- -- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQGcBAEBCAAGBQJXDn9WAAoJECV0jlU3+UdpivkL/RjKc+zFM5OAY6tt9Ev0fMr4
hSOgfzjrGjjzbX8j/orAz+gk0IJ7+2GDYzA4i9EUH8cFIE04Nd7ldEWRDnhxJJ0C
zHmKt2YOTLCgRW38RCQlX9cUU8ABuqjPlv/PUXPAspGbvnkAnH0SwRwQBJTlTH7w
usaGy+3Dl0rnrGhPvAs2fA1kBL0KlxQRIf+fcqJlU9Nt+OCOj7ufv13IulttMk1b
6HGq5jzhhhpSWhLwO/Mn7NSXmSobzl/U5xdjWyqEpsN0urcm1JIqwZIrsBSkn0+r
hc/5VIf5ckjLZepLTCV/FF1MisuZHcepgYCtjjVo9h1PuweB/Y5QlLCyJFyAofD/
e9TRhiCyzCb3cmfytKo8hxngAjOBq/h2fdFbpYz1d0meBXl4YKwHpSr3xmx+bIBX
pDP7dHewwPcqSq12J7eszAtnw9NbIxUhOZF8ERyOi82pZR/TlXW05GBr1OKjDz8D
w83DYzURyIh14xfqYPzDSxMgdzncLEgShx0jQR6SxQ==
=TpcH
-----END PGP SIGNATURE-----