On 10/07/2013 12:39 PM, Leonidas S. Barbosa wrote:
> On Fri, Oct 04, 2013 at 07:38:32AM -0400, Daniel J Walsh wrote: On
> 10/02/2013 10:56 AM, Leonidas S. Barbosa wrote:
>>>>
>>>> Hi,
>>>>
>>>> this is my first participation here, not sure I'd introduce myself,
>>>> but anyway, I'd like to collaborate with some pieces of code in
>>>> SELinux, and these are my first attempt to.
>>>>
>>>> 1) In semanage file (policycoreutils/semanage/semanage) I saw that
>>>> 'import selinux' and selinux module is not used in any place. Is it
>>>> really needed?
>>>>
> Nope, probably used to be used. I will remove it.
>>>> 2) still in semanage file I could notice that there are assignments
>>>> to a variable called 'object', object is also a Python keyword/global
>>>> variable used to create class. Wondering if it can not mess up the
>>>> things in the future? My suggestion is to change 'object' to '__object'.
>>>>
> Sure send a patch.
>>>> 3) I also realized that almost all of the code is not compliant with
>>>> PEP08, is there any code style to follow in order to collaborate with
>>>> these .py ?
>>>>
>>>> In case of these ^ points (1) and (2) be accepted, I can send the
>>>> patches.
>>>>
>>>>
>>>> Regarding sepolicy, I had a discussion with Daniel about a new
>>>> tool/feature that will be responsible to link a UNIX user to a
>>>> SELinux admin user. I started digging into sepolicy code to
>>>> understand more about what it does, since sepolicy will be/is the
>>>> tool responsible to create policies and new roles/admin roles. Once
>>>> is through these admin roles, e.g. logadm_r, that a SELinux admin is
>>>> created, I was wondering if that linker feature fits in sepolicy or
>>>> if it should be a separate tool, would like to have thoughts about
>>>> that.
>>>>
> I think we should just use sepolicy to create the policy file (te, if, fc)
> files and then use the Makefile and semodule to install the policy. I
> guess we could shell out to these commands to do the install. But I would
> like the admin to know what the tool is doing, so he could re-edit the te
> file if necessary.
>
>
>> So the better is have a separate tool here to link these admin SELinux
>> against UNIX login.
> I guess this is something
> sepolicy generate is the tool we use mainly to generate policy based on
> templates.
>
> One of my goals for Fedora 21 is to move the entire tool chain to Python3,
> so we need to become more careful on the coding standards. If you want to
> submit patches to clean this up it would be great.
>
>> Cool, by tool chain you mean policycoreutils, right? And regarding what
>> code work, upstream code I believe, but what about the interval to fedora
>> patches be applied into upstream. Just looking for the ideal scenario
>> here, work with fedora patches applied to upstream code.
>
Yes policycoreutils, but also make sure libselinux and libsemanage python3
patches work properly.

My only problem with a new tool rather than a new sepolicy COMMAND, would be
the proliferation of SELinux tools. I would like to move to two tool suites.
semanage and sepolicy. Rather than adding something brand new.

>>>> Thanks in advance, Leonidas.
>>>>
>>>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux