On Mon, May 08, 2017 at 10:40:53PM +0200, Dominick Grift wrote:On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote:
On May 8, 2017, at 3:49 PM, Dominick Grift <dac.override@xxxxxxxxx> wrote:
And if you mean specifically in the context of DSSP, like I said I bet the changes would be minimal. So if you are interested in giving it a try I’ll be happy to look at the changes needed and give you a hand.
I agree, and ive said that when I said: "a few rough edges" Its close the usable with DSSP. It just needs to deal with some of the current assumptions:
ill point out some:
1. return self.grep(name, "*.te", self.modules_path) # what about .cil suffixed files?
We should make this customizable something like: source_policy_suffix =Because we would need to catch *.conf , *.te , *.cil and any future high level source policy files that leverage cil
Like I said, I just renamed the PolicySource object to reflect that it’s specific to reference policy. Feel free to send a patch adding a DSSP object that implements the changes that you think are needed.
[deleted many similar requests] 5. any references to type attributes should be customizable: ie. process_types = ... filesystem_types = ... etc
I do not consider Linux access vectors to be customizable, unlike types ,attributes, booleans, tunables etc)
I know what you mean, but I have to point out that the domain attribute has been much more stable across many different operating systems than the object classes and access vectors.
Thanks - Karl
|