[patch #4848] Patch - Support for SELinux

From: Kamil Dudka
Subject: [patch #4848] Patch - Support for SELinux
Date: Tue, 24 Feb 2009 16:59:05 +0000
User-agent: Opera/9.50 (X11; Linux x86_64; U; en)

Follow-up Comment #4, patch #4848 (project findutils):

> * It does not update the Texinfo documentation at all!
It does. The -context predicate is mentioned in 'info "Finding Files" "Mode
Bits"' and the %Z printf conversion is mentioned in 'info "Actions" "Print
File Information" "Format Directives" "Size Directives"' which is actually a
wrong place. But I can't see any suitable node to move it to. Should we create
a separate node for security context?

> * It makes --version emit SELINUX even if that feature is not available.
> This is especially a problem because now there is presumably a significant
> installed base of RH-related machines that give misleading information. 
> Since the gnulib implementation is a stub even if the compiled program is
> then run on a SELinux-enabled system, this is an unfortunate bug.  If a
> binary RPM package made with this patch has never been built on a machine
> lacking the selinux development libraries, this may be a bug without
> though.
I've changed it to check for SELinux at run time.

> * The costlookup[] initialisation sets pred_context to NeedsNothing, which
> will presumably lead the optimiser to prefer it to much cheaper tests (for
> example -type).  I would guess that NeedsAccessInfo is probably
> approximately the right cost (though I have not looked at the SELinux
> implementation).
I've looked quickly into the getfilecon implementation. It uses the getxattr
function to obtain the file's context, which uses the getxattr syscall, at least
on Fedora. The implementation is probably file system dependent, but
NeedsAccessInfo seems to be a good candidate.

> * parse_context leaves pred->est_success_rate at 1.0, which is on average
> an overestimate.
Well, changed to 0.01 - is this ok?

> There are also some minor issues which are just not a big deal (not
> patching the NEWS or ChangeLog files, spurious introduction of
> pred->args.scontext).
I've attempted to fix these minor issues.
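
The per-file lookup discussed above, as an added example that is not part of the original message or of the findutils patch: a Linux-only sketch that reads a file's label from the "security.selinux" extended attribute with getxattr and compares it to a glob. The helper names read_context and match_context are hypothetical, and glob matching with fnmatch is an assumption about how a -context style test compares labels.

```c
/* Added example (Linux only); not taken from the findutils patch. */
#include <errno.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Name of the extended attribute in which SELinux stores a file's label. */
#define SELINUX_XATTR "security.selinux"

/* Hypothetical helper: copy the label of `path` into buf.
 * Returns the label length, or -1 with errno set (ENODATA or ENOTSUP
 * when the file carries no label, ERANGE when buf is too small).
 * This costs one syscall per file, comparable to a stat() call. */
ssize_t read_context(const char *path, char *buf, size_t buflen)
{
    if (buflen == 0) { errno = ERANGE; return -1; }
    ssize_t n = getxattr(path, SELINUX_XATTR, buf, buflen - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';  /* the stored value may or may not end in a NUL */
    return (ssize_t)strlen(buf);
}

/* Hypothetical helper: 1 if the label matches the glob pattern, else 0. */
int match_context(const char *context, const char *pattern)
{
    return fnmatch(pattern, context, 0) == 0;
}

int main(int argc, char **argv)
{
    char ctx[256];
    if (argc != 3) {
        fprintf(stderr, "usage: %s FILE PATTERN\n", argv[0]);
        return 2;
    }
    if (read_context(argv[1], ctx, sizeof ctx) < 0) {
        /* No label available: report why and treat it as "no match". */
        fprintf(stderr, "%s: no context (%s)\n", argv[1], strerror(errno));
        return 1;
    }
    printf("%s %s\n", ctx, argv[1]);
    return match_context(ctx, argv[2]) ? 0 : 1;
}
```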

