On Tue, 2008-07-08 at 10:54 -0500, Joe Nall wrote: > On Jun 27, 2008, at 1:56 PM, Joshua Brindle wrote: > > > Paul Moore wrote: > >> On Friday 27 June 2008 9:42:48 am Joshua Brindle wrote: > >>> I think for the time being we should not be importing the updated > >>> mcstrans into fedora. There are still some unanswered questions > >>> about > >>> the implementation. We are talking about some of these offline. > >> > >> Any particular reason why the discussion isn't online? Granted I'm > >> not > >> sure I would have much useful to contribute but I do like hearing > >> about > >> what is going on and the discussion behind the decisions ... > >> > > > > Oops, I misspoke. The unanswered questions were on list, how to deal > > with the use of private libsepol types, duplicated functions and > > missing ebitmap functionality in the library. > > Any progress or thoughts on this? I think the best way to proceed would likely be to start proposing what set of interfaces you need from libsepol in order to implement your functionality w/o binding mcstrans too tightly to the internal policy representation (such that if we later change the policy internal representation of a mls range/level, it doesn't break mcstrans at all). Patches demonstrating such interfaces would be fine too. We may need some intermediate data structures that are a little bit abstracted from the raw policy structures. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
