On Fri, Oct 04, 2013 at 07:38:32AM -0400, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/02/2013 10:56 AM, Leonidas S. Barbosa wrote:
>
> Hi,
>
> this is my first participation here, not sure I'd introduce myself, but
> anyway, I'd like to colaborate with some pieces of code in SElinux, and
> these are my first attempt to.
>
> 1) In semanage file (policycoreutils/semanage/semanage) I saw that 'import
> selinux' and selinux module is not used in any place. Is it really need?
>
Nope, probably used to be used. I will remove it.
> 2) still in semanage file I could notice that there are assignments to a
> variable called 'object', object is also a Python keyword/global variable
> used to create class. Wondering if it can not mess up the things in the
> future? My suggest is change 'object' to '__object'.
>
Sure send a patch.
> 3) I also realized that almost of the code is not compliant with PEP08, is
> there any code style to follow in order to colaborate with these .py ?
>
> In case of these ^ points (1) and (2 ) be accepted, I can send the
> patches.
>
>
> Regarding sepolicy, I had a discussions with Daniel about a new
> tool/feature that will be responsible to link an unix user to a SElinux
> admin user. I start to digging into sepolicy code to understand more about
> what it does, since sepolicy will be/is the tool responsible to create
> policies and new roles/admin roles. Once is through these admin roles, e.g.
> logadm_r, that a SElinux admin is created, I was wondering if that linker
> feature fits in sepolicy or if should be a separated tool, would like to
> have thoughts about that.
>
I think we should just use sepolicy to create the policy file (te, if, fc)
files and then use the Makefile and semodule to install the policy. I guess
we could shell out to these commands to do the install. But I would like the
admin to know what the tool is doing, so he could reedit the te file if necessary.
So the better is have a separate tool here to link these admin SElinux
against UNIX login.
sepolicy generate is the tool we use mainly to generate policy based
on templates.
One of my goals for Fedora 21 is to move the entire tool chain to Python3, so
we need to become more careful on the coding standards. If you want to submit
patches to clean this up it would be great.
Cool, by tool chain you mean policycoreutils, right? And regarding what
code work, upstream code I believe, but what about the intervel to
fedora patches be applied into upstream. Just looking for the ideal scenario here,
work with fedora patches applied to upstream code.
> Thanks in advance, Leonidas.
>
> -- selinux mailing list selinux(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlJOqLgACgkQrlYvE4MpobOkLwCfY0l7wHNjdEVW7r0rQumOKQFc
SQIAnjTxQrdJ6pw8QTc2l5BdJ9BKeTJi
=ViOb
-----END PGP SIGNATURE-----