-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/07/2013 12:39 PM, Leonidas S. Barbosa wrote:
On Fri, Oct 04, 2013 at 07:38:32AM -0400, Daniel J Walsh wrote: On 10/02/2013 10:56 AM, Leonidas S. Barbosa wrote:
Hi,
this is my first participation here, not sure I'd introduce myself, but anyway, I'd like to colaborate with some pieces of code in SElinux, and these are my first attempt to.
- In semanage file (policycoreutils/semanage/semanage) I saw that
'import selinux' and selinux module is not used in any place. Is it really need?
Nope, probably used to be used. I will remove it.
- still in semanage file I could notice that there are assignments
to a variable called 'object', object is also a Python keyword/global variable used to create class. Wondering if it can not mess up the things in the future? My suggest is change 'object' to '__object'.
Sure send a patch.
- I also realized that almost of the code is not compliant with
PEP08, is there any code style to follow in order to colaborate with these .py ?
In case of these ^ points (1) and (2 ) be accepted, I can send the patches.
Regarding sepolicy, I had a discussions with Daniel about a new tool/feature that will be responsible to link an unix user to a SElinux admin user. I start to digging into sepolicy code to understand more about what it does, since sepolicy will be/is the tool responsible to create policies and new roles/admin roles. Once is through these admin roles, e.g. logadm_r, that a SElinux admin is created, I was wondering if that linker feature fits in sepolicy or if should be a separated tool, would like to have thoughts about that.
I think we should just use sepolicy to create the policy file (te, if, fc) files and then use the Makefile and semodule to install the policy. I guess we could shell out to these commands to do the install. But I would like the admin to know what the tool is doing, so he could reedit the te file if necessary.
So the better is have a separate tool here to link these admin SElinux against UNIX login.
I guess this is something
sepolicy generate is the tool we use mainly to generate policy based on templates.
One of my goals for Fedora 21 is to move the entire tool chain to Python3, so we need to become more careful on the coding standards. If you want to submit patches to clean this up it would be great.
Cool, by tool chain you mean policycoreutils, right? And regarding what code work, upstream code I believe, but what about the intervel to fedora patches be applied into upstream. Just looking for the ideal scenario here, work with fedora patches applied to upstream code.
Yes policycoreutils, but also make sure libselinux and libsemanage python3 patches work properly.
My only problem with a new tool rather then a new sepolicy COMMAND, would be the proliferation of SELinux tools.
I would like to move to two tool suites. semanage and sepolicy. Rather then adding something brand new.
Thanks in advance, Leonidas.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux