
SELinux Mailing List

Re: [ SEMANAGE ] Stub pserver backend

From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Tue, 15 Nov 2005 06:58:11 -0500


On Tue, 2005-11-15 at 06:29 -0500, Stephen Smalley wrote:
> On Mon, 2005-11-14 at 16:55 -0500, Ivan Gyurdiev wrote:
> > The purpose of stubs is to reduce size of future patches, and to point
> > to the right place to add functionality (if people want to help
> > implement it).
> >
> > Changes: stub the pserver dbase backend.
>
> I'd prefer to wait until we have a basic working implementation and a
> user ready for merging. Posting stubs or function prototypes to the
> list as examples is fine, but I don't see much value in merging them.
> It was ok for early development of libsemanage in order to build up
> infrastructure and allow early collaboration/feedback, but I'd prefer to
> move to merging actual implementations now. I'd especially like to see
> sample users (even just dummy test programs) that allow the code to be
> trivially exercised along with the submissions to help put it in
> context.

Also, I think we need to think about priorities of tasks; policy server
backend and runtime boolean manipulation via libsemanage seem fairly low
to me right now. Of greater importance would be:
- Finalizing the refpolicy-based targeted policy package and getting it
  into rawhide,
- Solving the default role problem in semanage/sepol,
- Finalizing the genhomedircon rewrite and getting it upstreamed
  (depends on prior item),
- Adding options to audit2allow to allow it to generate well-formed
  source policy modules (including module statement and all necessary
  required statements) so that users can continue using audit2allow on
  managed systems for local additions to rules. Likely separate options
  to allow generation of a complete module versus generation of
  additional require and allow rules to append to an existing module.
- Creating a utility for managing seusers via libsemanage so that users
  don't need to directly edit the sandbox copy and then run semodule -B
  to force a rebuild,
- Finishing the ports functionality and exporting those interfaces,
- Creating utilities for managing the other policy components via
  libsemanage.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Tue 15 Nov 2005 - 06:58:32 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service