Stephen Smalley wrote:
> On Thu, 2008-07-10 at 11:18 -0400, Daniel J Walsh wrote:
> I noticed that puppet is not SELinux aware. We are using this in the
> Fedora Infrastructure. Puppet is written in Ruby. In order to get the
> packages to make Puppet SELinux aware we need at least matchpathcon,
> is_selinux_enabled, setfscreatecon and setfilecon to have Ruby bindings.
>
>
> So I try to learn as much Ruby in an afternoon as possible and converted
> as much libselinux python bindings to Ruby as I could. Enough to get
> puppet going on working with selinux.
>
> If some Ruby expert wants to fix the rest of the bindings that would be
> great. :^)
plain text document attachment (diff)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile
libselinux-2.0.67/src/Makefile
--- nsalibselinux/src/Makefile 2008-06-22 09:40:25.000000000 -0400
+++ libselinux-2.0.67/src/Makefile 2008-07-09 16:56:37.000000000 -0400
@@ -44,11 +54,11 @@
SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
-GENERATED=$(SWIGCOUT)
+SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
all: $(LIBA) $(LIBSO)
-pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
+pywrap: all $(SWIGSO) $(AUDIT2WHYSO) $(SWIGRUBYSO)
> Should there be a separate makefile target for the ruby bindings?
Yes
diff --exclude-from=exclude -N -u -r
nsalibselinux/src/selinuxswig_ruby.i
libselinux-2.0.67/src/selinuxswig_ruby.i
--- nsalibselinux/src/selinuxswig_ruby.i 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.67/src/selinuxswig_ruby.i 2008-07-09
16:52:33.000000000 -0400
@@ -0,0 +1,147 @@
+/* Author: Dan Walsh, Converted from James Athey python code
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* security_get_boolean_names() typemap */
+/*
+%typemap(argout) (char ***names, int *len) {
+ PyObject* list = PyList_New(*$2);
+ int i;
+ for (i = 0; i < *$2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+ }
+ $result = SWIG_Python_AppendOutput($result, list);
+}
> Rather than commenting out or #ifdef'ing python binding code, just
> remove it from this file.
I left it in t he hopes that someone who knew ruby would come in and fix it.
+%typemap(in,noblock=1,numinputs=0) security_context_t *
(security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+/*
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+*/
+}
> Don't you need to handle the else clause in some manner?
I don't know. This handling is just to make sure memory does not leak,
I believe. I do not know what the default for ruby would do.
> What are the build dependencies? Doesn't build for me on F8 or F9 with
> ruby, ruby-libs and ruby-devel installed.
Build fine for me on F9 and Rawhide.
Spec file has:
BuildRequires: python-devel ruby-devel ruby libsepol-static >=
%{libsepolver} swig
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
