This is an automatically generated e-mail. To reply, visit: http://reviewboard-openlmi.rhcloud.com/r/1986/

Second part of my review.

Additional notes:

in LMI_SELinuxPortProvider.c / LMI_SELinuxPortEnumInstances()
* s/broken/broker/
* s/to free to/to free/
* ranges (GSList) are not freed (just ports they refer to)

in LMI_SELinuxServiceProvider.c / parse_selinux_sysconf()
* I'd avoid allocating 25*BUFLEN bytes on a stack. Please use heap. Although
it isn't totally safe, I'd also recommend to get the file size and use it as a
buffer size (+1).

in LMI_SELinuxServiceProvider.c / LMI_SELinuxServiceEnumInstances()
* s/security_genenforce/security_getenforce

in LMI_SELinuxServiceProvider.c / parse_port_instance_id()
* don't forget to free parts

in LMI_SELinuxServiceProvider.c / parse_port_range()
* mixing tabs with spaces

in LMI_SELinuxServiceProvider.c / SetPortLabel()
* place the lmi_job_set_method_name before jobmgr_run_job

src/selinux/selinux.c (Diff revision 1)
		33	LMI_SELinuxService_Set_SystemName(service, lmi_get_system_name());

use lmi_get_system_name_safe()

src/selinux/selinux.c (Diff revision 1)
		60	const gint CONTENT_SIZE = 25 * BUFLEN;

use heap

src/selinux/selinux.c (Diff revision 1)
		83	while((read = getline (&line, &line_len, f)) != -1) {
		84	if (g_regex_match(re, line, 0, &mi)) {
		85	read = snprintf(line, BUFLEN - 1, "SELINUX=%s\n", (newstate == 0) ? "disabled" :
		86	(newstate == 1) ? "permissive" :
		87	(newstate == 2) ? "enforcing" :
		88	"unknown");
		89	lmi_debug("SELINUX default state changed to %s", line);
		90	}
		91	g_strlcat(content, line, CONTENT_SIZE);
		92	content_len += read;

What if SELINUX=* line is commented out?

src/selinux/selinux.c (Diff revision 1)
		109	lmi_debug("<== set_setlinux_default_state");

's/set_setlinux_default_state/set_selinux_default_state/'

src/selinux/selinux.c (Diff revision 1)
		478	if (include_input)
		479	/* not interested in input parameters */
		480	return st;

If believe
if (!include_output)
    return st;


is what you really want. But input arguments could be filled as well - they are already defined in __MethodParameters_* classes.

src/selinux/test/test_selinux.py (Diff revision 1)
		75	Build a dictionary o SELinux booleans from semanage output.

's/\<o>/of/

src/selinux/test/test_selinux.py (Diff revision 1)
		189	│ └── d1-d2 -> /tmp/d1/d1-d2/
		190	├── d4
		191	│ └── cycle -> /tmp/d4/
		192	├── fsymlink -> /tmp/f.txt

isn't /tmp supposed to be a TESTDIR?

src/selinux/test/test_selinux.py (Diff revision 1)
		256	# the order in which the setsebool commands are is called matters

s/are is/are/

src/selinux/test/test_selinux.py (Diff revision 1)
		312	# security_genenforce() / security_getenforcemode() return -1 (disabled), 0

s/security_genenforce/security_getenforce/

src/selinux/test/test_selinux.py (Diff revision 1)
		353	self.assertEquals(res[0], 0)
		354	inst = self._get_instance()
		355	self._verify_selinux_states(inst)

I'd also check that desired states were set.

- Michal Minar

On srpen 29th, 2014, 10:56 dop. UTC, Jan Synacek wrote:

Review request for OpenLMI Developers.

By Jan Synacek.

Updated Srp. 29, 2014, 10:56 dop.

Repository: openlmi-providers

Description

implement SELinux provider

In case diffs don't work, I'll track changes in my WIP branch until the patch is merged:

https://git.fedorahosted.org/cgit/openlmi-providers.git/log/?h=selinux-devel

Diffs

CMakeLists.txt (463da8c63a314dd34595710a127a0429f89edc49)
mof/60_LMI_SELinux.mof (PRE-CREATION)
mof/60_LMI_SELinux.reg (PRE-CREATION)
mof/60_LMI_SELinux_MethodParameters.mof (PRE-CREATION)
mof/CMakeLists.txt (5e7aaa7f08d7f57277a0215970ba49064d6e0e69)
src/.dir-locals.el (PRE-CREATION)
src/CMakeLists.txt (58d72f596a1675e16ff06f437333859b54c00800)
src/libs/jobmanager/lmi_job.c (004e6a72c9f5c36acfa3f4062a5a036ab0843d39)
src/libs/libopenlmi/openlmi.h (8f4770cde0d826fa95dabaa5a700934030f7bc90)
src/libs/libopenlmi/openlmi.c (da660a5bdb5c9fc37aa17031700bf3d93596d43a)
src/logicalfile/CMakeLists.txt (0448f1e8c04dba47b767edd4b84f049fe5e0cf26)
src/logicalfile/file.h (4caf84dd4db8dafc705fdd99738ff0e886db6323)
src/selinux/90_LMI_SELinux_Profile.mof.skel (PRE-CREATION)
src/selinux/CMakeLists.txt (PRE-CREATION)
src/selinux/LMI_AffectedSELinuxJobElementProvider.c (PRE-CREATION)
src/selinux/LMI_AssociatedSELinuxJobMethodResultProvider.c (PRE-CREATION)
src/selinux/LMI_HostedSELinuxServiceProvider.c (PRE-CREATION)
src/selinux/LMI_SELinuxBooleanProvider.c (PRE-CREATION)
src/selinux/LMI_SELinuxInstModificationProvider.c (PRE-CREATION)
src/selinux/LMI_SELinuxJobProvider.c (PRE-CREATION)
src/selinux/LMI_SELinuxMethodResultProvider.c (PRE-CREATION)
src/selinux/LMI_SELinuxPortProvider.c (PRE-CREATION)
src/selinux/LMI_SELinuxServiceHasElementProvider.c (PRE-CREATION)
src/selinux/LMI_SELinuxServiceProvider.c (PRE-CREATION)
src/selinux/cmpiLMI_SELinux-cimprovagt (PRE-CREATION)
src/selinux/selinux.h (PRE-CREATION)
src/selinux/selinux.c (PRE-CREATION)
src/selinux/test/README (PRE-CREATION)
src/selinux/test/__init__.py (PRE-CREATION)
src/selinux/test/test_selinux.py (PRE-CREATION)

View Diff