Re: Semanage, sepolicy Python code and new feature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2013 10:56 AM, Leonidas S. Barbosa wrote:
> 
> Hi,
> 
> this is my first participation here, not sure I'd introduce myself, but
> anyway, I'd like to colaborate with some pieces of code in SElinux, and
> these are my first attempt to.
> 
> 1) In semanage file (policycoreutils/semanage/semanage) I saw that 'import
> selinux' and selinux module is not used in any place. Is it really need?
> 
Nope, probably used to be used.  I will remove it.
> 2) still in semanage file I could notice that there are assignments to a
> variable called 'object', object is also a Python keyword/global variable
> used to create class. Wondering if it can not mess up the things in the
> future? My suggest is change 'object' to '__object'.
> 
Sure send a patch.
> 3) I also realized that almost of the code is not compliant with PEP08, is
> there any code style to follow in order to colaborate with these .py ?
> 
> In case of these ^ points (1) and (2 ) be accepted, I can send the
> patches.
> 
> 
> Regarding sepolicy, I had a discussions with Daniel about a new
> tool/feature that will be responsible to link an unix user to a SElinux
> admin user. I start to digging into sepolicy code to understand more about
> what it does, since sepolicy will be/is the tool responsible to create
> policies and new roles/admin roles. Once is through these admin roles, e.g.
> logadm_r, that a SElinux admin is created, I was wondering if that linker
> feature fits in sepolicy or if should be a separated tool, would like to
> have thoughts about that.
> 
I think we should just use sepolicy to create the policy file (te, if, fc)
files and then use the Makefile and semodule to install the policy.  I guess
we could shell out to these commands to do the install.  But I would like the
admin to know what the tool is doing, so he could reedit the te file if necessary.

sepolicy generate is the tool we use mainly to generate policy based on templates.

One of my goals for Fedora 21 is to move the entire tool chain to Python3, so
we need to become more careful on the coding standards.  If you want to submit
patches to clean this up it would be great.



> Thanks in advance, Leonidas.
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJOqLgACgkQrlYvE4MpobOkLwCfY0l7wHNjdEVW7r0rQumOKQFc
SQIAnjTxQrdJ6pw8QTc2l5BdJ9BKeTJi
=ViOb
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux