All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stephen Smalley <sds@tycho.nsa.gov>
To: jwcart2@tycho.nsa.gov
Cc: Caleb Case <ccase@tresys.com>,
	selinux@tycho.nsa.gov, csellers@tresys.com,
	kmacmillan@tresys.com, jbrindle@tresys.com
Subject: Re: [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp
Date: Fri, 08 Jan 2010 10:28:04 -0500	[thread overview]
Message-ID: <1262964484.13162.20.camel@moss-pluto.epoch.ncsc.mil> (raw)
In-Reply-To: <1262963276.11210.33.camel@localhost>

On Fri, 2010-01-08 at 10:07 -0500, James Carter wrote:
> On Fri, 2010-01-08 at 09:30 -0500, Stephen Smalley wrote:
> > On Wed, 2009-12-23 at 18:25 -0500, Caleb Case wrote:
> > > This patch moves the final files from inside
> > > /var/lib/selinux/<store>/[active|previous|tmp] to
> > > /var/lib/selinux/tmp/<store>. The move is done to facilitate using
> > > source control management on the /var/lib/selinux/<store> directory. If
> > > these files remain in /var/lib/selinux/<store> they will pose a size
> > > problem if an SCM like git is used as we'd be storing lots of binary
> > > diffs. We are suggesting making this change now, rather than later when
> > > source policy, SCM, and CIL[1] support are available, to ease the
> > > migration burden.
> > > 
> > > These are the files that have been moved:
> > > 
> > > /var/lib/selinux/<store>/active/...	/var/lib/selinux/tmp/<store>/...
> > > 
> > > file_contexts				contexts/files/file_contexts
> > > file_contexts.homedirs			contexts/files/file_contexts.homedirs
> > > file_contexts.local			contexts/files/file_contexts.local
> > > netfilter_contexts			contexts/netfilter_contexts
> > > policy.kern				policy/policy.<policyversion>
> > > seusers.final				seusers
> > > 
> > > The layout of these files in /var/lib/selinux/tmp/<store> is designed to
> > > mirror their locations in /etc/selinux/<store>. This should help clarify
> > > the relationship between these final files and the files installed in
> > > etc.
> > > 
> > > One consequence of this move is that reverting to the previous policy
> > > version requires a policy rebuild. Currently you can revert without
> > > rebuilding.
> > 
> > That seems a little worrisome to me, as a rebuild might fail, e.g. what
> > happens if we abort a transaction due to a lack of disk space and then
> > try to revert, requiring a rebuild, only to run out of space during the
> > rebuild?
> > 
> If the transaction is aborted then the policy hasn't actually been
> changed, so I don't think that this example would be a problem.  It is
> only after the transaction is complete that everything is written to the
> final location.  Or am I missing something?
> 
> It would be a problem only if changes were made to the policy, that
> policy loaded, there were problems, and then the rebuild of the previous
> policy fails.

I'm unclear on what state things would be left in.  I'm also unclear on
the implications of writing these files to a single tmp/ location rather
than having separate copies in active/, previous/, and tmp/ - I don't
want us to unwittingly clobber files or leave them in intermediate
states (as happened with the earlier attempt to hard link files among
active/, previous/ and tmp/).

I tried running the code but I seem to see these "final files" still
under the individual <store> directories in /var/lib/selinux rather than
under tmp/.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

  reply	other threads:[~2010-01-08 15:28 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-12-23 23:25 [PATCH 00/13] RFC libsemanage move to var, enable/disable module, and priority support Caleb Case
2009-12-23 23:25 ` [PATCH 01/13] libsemanage: fix typo in tests makefile -o -> -O Caleb Case
2009-12-23 23:25   ` [PATCH 02/13] semanage: move permissive module creation to /tmp Caleb Case
2009-12-23 23:25     ` [PATCH 03/13] libsemanage: move the module store to /var/lib/selinux Caleb Case
2009-12-23 23:25       ` [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp Caleb Case
2009-12-23 23:25         ` [PATCH 05/13] libsemanage: update unit tests for move to /var/lib/selinux Caleb Case
2009-12-23 23:25           ` [PATCH 06/13] libsemanage: add default priority to semanage_handle_t Caleb Case
2009-12-23 23:25             ` [PATCH 07/13] libsemanage: augment semanage_module_info_t and provide semanage_module_key_t Caleb Case
2009-12-23 23:25               ` [PATCH 08/13] libsemanage: get/set module info and enabled status Caleb Case
2009-12-23 23:25                 ` [PATCH 09/13] libsemanage: provide function to get new base module path Caleb Case
2009-12-23 23:25                   ` [PATCH 10/13] libsemanage: installing/upgrading/removing modules via info and key Caleb Case
2009-12-23 23:25                     ` [PATCH 11/13] libsemanage: new private api for unstable functions Caleb Case
2009-12-23 23:25                       ` [PATCH 12/13] semodule: add priority, enabled, and extended listing Caleb Case
2009-12-23 23:26                         ` [PATCH 13/13] semanage store migration script Caleb Case
2010-01-08 15:34                           ` Stephen Smalley
2010-01-08 20:59                             ` James Carter
2010-01-08 21:05                               ` Stephen Smalley
2010-01-08 21:27                               ` Caleb Case
2010-01-11 19:53                                 ` James Carter
2010-01-11 19:57                                   ` Joshua Brindle
2010-01-11 20:45                                     ` James Carter
2010-01-08 14:30         ` [PATCH 04/13] libsemanage: split final files into /var/lib/selinux/tmp Stephen Smalley
2010-01-08 15:07           ` James Carter
2010-01-08 15:28             ` Stephen Smalley [this message]
2010-01-08 18:25               ` Caleb Case
2010-01-08 20:19               ` Joshua Brindle
2010-01-08 20:25                 ` Stephen Smalley
2010-01-08 20:30                   ` Joshua Brindle
2010-01-08 20:51                     ` Joshua Brindle
2010-01-08 20:58                       ` Stephen Smalley
2010-01-08 21:02                         ` Joshua Brindle
2010-01-08 21:04                           ` Stephen Smalley
2010-01-08 21:12                           ` James Carter
2010-01-08 14:28       ` [PATCH 03/13] libsemanage: move the module store to /var/lib/selinux Stephen Smalley
2010-01-08 14:50         ` James Carter
2010-01-08 15:19           ` Stephen Smalley
2010-01-07 22:28 ` [PATCH 00/13] RFC libsemanage move to var, enable/disable module, and priority support Chad Sellers
2010-01-08 14:30   ` James Carter
2010-01-21 21:06     ` Chad Sellers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1262964484.13162.20.camel@moss-pluto.epoch.ncsc.mil \
    --to=sds@tycho.nsa.gov \
    --cc=ccase@tresys.com \
    --cc=csellers@tresys.com \
    --cc=jbrindle@tresys.com \
    --cc=jwcart2@tycho.nsa.gov \
    --cc=kmacmillan@tresys.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.