On Thu, May 21, 2015 at 2:05 PM, Jeffrey Vander Stoep <jeffv@xxxxxxxxxx> wrote:
> Here is my personal todo list based on this conversation.
>
> - change example policy in commit message to demonstrate intended use.
>   No raw ioctl values.
> - Look into making logic more general, less ioctl specific
> - Look at making the code clearer. I.e. address Paul's comments on
>   lack of clarity in struct/variable naming.

Thanks. That all sounds reasonable to me.

> In the spirit of keeping this commit concise and as basic as possible
> (it's already 800 LOC!) I will not address suggestions to propagate
> additional policy information such as ioctl names and groups into the
> kernel binary. I agree that would be useful, but I will leave as
> future work.

Agreed. Also, if you want, you could probably split up patch 2/2 if you wanted into a few more patches. While the golden rule is that you can't break anything with a single patch, e.g. it must still compile/boot, it is perfectly fine to add non-functional code midway through a patchset so long as everything is working and enabled by the time you reach the end of the patchset.

> Regarding comments on policy syntax, those will be addressed in a
> separate non-kernel commit to the selinux project.
>
> Thanks again for all the feedback!

Thanks for the patches!

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.