On Fri, Aug 19, 2016 at 11:35:28PM +0800, Jason Zaman wrote: > Hi all, > > I've been trying to finally get rid of the last users of setools3 since > its basically on life support. I have a lot of things fixed locally but > not quite in good enough shape to submit. > > Sepolicy currently is the thing that uses setools3 and everything else > mostly goes via sepolicy. It boils down to sepolicy.info() and > sepolicy.search() which are C-wrappers to setools3. Those two methods > have a very open-ended and confusing API, and are just very thin > wrappers around setools. It seems to me that we'd be better off updating > most things that use it to instead use setools4 directly. > > I have fixed .info() already (although still untested) so .search() is > the main problem. It takes dictionaries of stuff and returns > dictionaries of stuff and what exactly is in the dictionaries is not > that clear. > > How many users outside of the tree are there for sepolicy directly? If > the only users are in the tree, I'd much rather kill off > sepolicy.search() and go directly to setools. Is that an option? > > slawrence mentioned on IRC that setroubleshoot might use sepolicy but > wasnt entirely sure. Even if it does, does it use .search() and .info()? > or does it only use all the other methods from it? It uses search(), info() and few other methods as well. However there are already two branches. One is considered as stable for and uses python2. I'd expect that this branch will depend on setools3 and SELinux userspace <= 2.5. As for the second development branch, I'd say that it can be simply ported to use setools4 directly instead of sepolicy. Petr > -- Jason > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. -- Petr Lautrbach SELinux Solutions Red Hat Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
