From: ramsdell@mitre.org (John D. Ramsdell)
To: "Christopher Ashworth" <cashworth@tresys.com>
Cc: <selinux@tycho.nsa.gov>
Subject: Re: FCGlob
Date: 17 Apr 2007 13:51:38 -0400 [thread overview]
Message-ID: <ogtzm56khxx.fsf@oolong.mitre.org> (raw)
In-Reply-To: <6FE441CD9F0C0C479F2D88F959B01588A7153E@exchange.columbia.tresys.com>
"Christopher Ashworth" <cashworth@tresys.com> writes:
> Ack! Wait! Danger! Will Robinson! :)
I'm laughing. I watched first runs of that show. I hope your arms
were flailing as you wrote that text.
> Since in a subsequent email you said "I have no experience
> implementing finite state machines" I assume that what you mean
> above by all the "it is easy" bits is that it is easy in theory.
This is correct. It could be easy in practice, I just don't know.
> That's why the current file context system uses heuristics instead
> of a real sorting algorithm.
The paper states that an FCGlob prototype would require creating:
A comparison function that receives two patterns as parameters and
returns the set relationship. Possible set relationships between
the set of paths pattern A matches and the set of paths pattern B
matches are: subset, superset, disjoint and ambiguous.
I speculated that finite automata is required to implement the
comparison function as specified. Do you have an alternative
algorithm that meets the above specification? I don't recall seeing
one in the paper.
> But the observation at hand is that replacing regular expressions in
> the file context specs would buy us a lot of improvements.
As I said at the meeting, I like the idea of using file globbing
syntax as I agree with your assertion they are less error prone.
John
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-04-17 17:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-17 10:07 FCGlob Russell Coker
2007-04-17 11:23 ` FCGlob John D. Ramsdell
2007-04-17 12:54 ` FCGlob (does someone have the time to generate a special purpose machine) Zwartsenberg, Remmolt
2007-04-17 14:19 ` John D. Ramsdell
2007-04-17 16:08 ` FCGlob Christopher Ashworth
2007-04-17 17:51 ` John D. Ramsdell [this message]
2007-04-17 18:42 ` FCGlob James Antill
2007-04-17 18:10 ` FCGlob John D. Ramsdell
2007-04-17 19:07 ` FCGlob James Athey
2007-04-18 0:35 ` FCGlob Russell Coker
2007-04-20 13:32 ` FCGlob John D. Ramsdell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ogtzm56khxx.fsf@oolong.mitre.org \
--to=ramsdell@mitre.org \
--cc=cashworth@tresys.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.