# SE Linux policy modules *.pp 0 lelong 0xf97cff8f SE Linux modular policy >4 lelong x version %d, >8 lelong x %d sections, >>(12.l) lelong 0xf97cff8d >>>(12.l+27) lelong x mod version %d, >>>(12.l+31) lelong 0 Not MLS, >>>(12.l+31) lelong 1 MLS, >>>(12.l+23) lelong 2 >>>>(12.l+47) string >\0 module name %s >>>(12.l+23) lelong 1 base The above /etc/magic entry allows file(1) to display some information about policy modules. Below is a sample of the result: # file qmail.pp base.pp /tmp/loadkeys.pp qmail.pp: SE Linux modular policy version 1, 2 sections, mod version 7, Not MLS, module name qmail\005 base.pp: SE Linux modular policy version 1, 4 sections, mod version 7, Not MLS, base /tmp/loadkeys.pp: SE Linux modular policy version 1, 2 sections, mod version 6, MLS, module name loadkeys\005 Please let me know what you think of this, in terms of text formatting, information displayed, and use of file(1) features. The \005 after the module name is due to the fact that file(1) seems to support only two types of string, a "C string" (terminated by \0) and a "Pascal string" where a single byte is used to indicate the length. Using a 32bit little-endian word to indicate the length doesn't seem to work with file(1) - but if anyone can figure out a way then please let me know. It seems to me that it would be a good idea to write /etc/magic entries at the same time as devising file formats. Being able to quickly and easily determine the contents of a file is a really handy feature. Working with the limitations of file(1) to support this to the greatest degree possible would be a good thing. If the module name was limited to 255 characters I doubt that it would ever inconvenience anyone (in the past I've used compilers that support symbol lengths of ~30 characters), but having a better display in file(1) output would often help people. Another option would be to have a word indicating the string length while also having a 0 terminator (wasting the occasional byte isn't really a problem). -- russell@xxxxxxxxxxxx http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
