* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
@ 2012-08-10 13:13 Guido Trentalancia
2012-08-14 12:03 ` Christopher J. PeBenito
0 siblings, 1 reply; 9+ messages in thread
From: Guido Trentalancia @ 2012-08-10 13:13 UTC (permalink / raw)
To: refpolicy
Add a comment at the top of the configuration file file_contexts.subs_dist
to clarify that it performs aliasing and not substitutions in the
strict sense of the word.
A name change might be considered too, if it proves to lead to further
confusion.
There might be pieces of documentation that could benefit from similar
considerations.
Also note that a specific manual page is missing.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
---
config/file_contexts.subs_dist | 10 ++++++++++
1 file changed, 10 insertions(+)
diff -pruN refpolicy-08092012/config/file_contexts.subs_dist
refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
--- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21
20:10:29.011803405 +0200
+++
refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
2012-08-10 17:01:36.045451839 +0200
@@ -1,3 +1,13 @@
+# This file can is used to configure base path aliases as in:
+#
+# /aliased_path /original_path_as_configured_in_file_contexts
+#
+# where original_path_as_configured_in_file_contexts is a base
+# path being used in the main file_contexts configuration file.
+#
+# It does not perform substitutions as done by sed(1), for
+# example, but aliasing.
+#
/lib32 /lib
/lib64 /lib
/run /var/run
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
2012-08-10 13:13 [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage Guido Trentalancia
@ 2012-08-14 12:03 ` Christopher J. PeBenito
2012-08-15 8:02 ` Sven Vermeulen
0 siblings, 1 reply; 9+ messages in thread
From: Christopher J. PeBenito @ 2012-08-14 12:03 UTC (permalink / raw)
To: refpolicy
On 08/10/12 09:13, Guido Trentalancia wrote:
> Add a comment at the top of the configuration file file_contexts.subs_dist
> to clarify that it performs aliasing and not substitutions in the
> strict sense of the word.
>
> A name change might be considered too, if it proves to lead to further
> confusion.
>
> There might be pieces of documentation that could benefit from similar
> considerations.
>
> Also note that a specific manual page is missing.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> ---
> config/file_contexts.subs_dist | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff -pruN refpolicy-08092012/config/file_contexts.subs_dist refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
> --- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
> +++ refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
> @@ -1,3 +1,13 @@
> +# This file can is used to configure base path aliases as in:
> +#
> +# /aliased_path /original_path_as_configured_in_file_contexts
> +#
> +# where original_path_as_configured_in_file_contexts is a base
> +# path being used in the main file_contexts configuration file.
> +#
> +# It does not perform substitutions as done by sed(1), for
> +# example, but aliasing.
> +#
> /lib32 /lib
> /lib64 /lib
> /run /var/run
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
2012-08-14 12:03 ` Christopher J. PeBenito
@ 2012-08-15 8:02 ` Sven Vermeulen
2012-08-15 8:13 ` Guido Trentalancia
0 siblings, 1 reply; 9+ messages in thread
From: Sven Vermeulen @ 2012-08-15 8:02 UTC (permalink / raw)
To: refpolicy
On Tue, Aug 14, 2012 at 08:03:58AM -0400, Christopher J. PeBenito wrote:
> On 08/10/12 09:13, Guido Trentalancia wrote:
> > Add a comment at the top of the configuration file file_contexts.subs_dist
> > to clarify that it performs aliasing and not substitutions in the
> > strict sense of the word.
> >
> > A name change might be considered too, if it proves to lead to further
> > confusion.
> >
> > There might be pieces of documentation that could benefit from similar
> > considerations.
> >
> > Also note that a specific manual page is missing.
> >
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> > ---
> > config/file_contexts.subs_dist | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
> > diff -pruN refpolicy-08092012/config/file_contexts.subs_dist refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
> > --- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
> > +++ refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
> > @@ -1,3 +1,13 @@
> > +# This file can is used to configure base path aliases as in:
> > +#
> > +# /aliased_path /original_path_as_configured_in_file_contexts
> > +#
> > +# where original_path_as_configured_in_file_contexts is a base
> > +# path being used in the main file_contexts configuration file.
> > +#
> > +# It does not perform substitutions as done by sed(1), for
> > +# example, but aliasing.
> > +#
> > /lib32 /lib
> > /lib64 /lib
> > /run /var/run
>
> Merged.
This seems to break policycoreutils:
# semanage fcontext -l
/usr/sbin/semanage: too many values to unpack (expected 2)
Undoing the comment change fixes things again.
Wkr,
Sven Vermeulen
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
2012-08-15 8:02 ` Sven Vermeulen
@ 2012-08-15 8:13 ` Guido Trentalancia
2012-08-15 8:20 ` Sven Vermeulen
0 siblings, 1 reply; 9+ messages in thread
From: Guido Trentalancia @ 2012-08-15 8:13 UTC (permalink / raw)
To: refpolicy
On 15/08/2012 10:02, Sven Vermeulen wrote:
> On Tue, Aug 14, 2012 at 08:03:58AM -0400, Christopher J. PeBenito wrote:
>> On 08/10/12 09:13, Guido Trentalancia wrote:
>>> Add a comment at the top of the configuration file file_contexts.subs_dist
>>> to clarify that it performs aliasing and not substitutions in the
>>> strict sense of the word.
>>>
>>> A name change might be considered too, if it proves to lead to further
>>> confusion.
>>>
>>> There might be pieces of documentation that could benefit from similar
>>> considerations.
>>>
>>> Also note that a specific manual page is missing.
>>>
>>> Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
>>> ---
>>> config/file_contexts.subs_dist | 10 ++++++++++
>>> 1 file changed, 10 insertions(+)
>>>
>>> diff -pruN refpolicy-08092012/config/file_contexts.subs_dist refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
>>> --- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
>>> +++ refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
>>> @@ -1,3 +1,13 @@
>>> +# This file can is used to configure base path aliases as in:
>>> +#
>>> +# /aliased_path /original_path_as_configured_in_file_contexts
>>> +#
>>> +# where original_path_as_configured_in_file_contexts is a base
>>> +# path being used in the main file_contexts configuration file.
>>> +#
>>> +# It does not perform substitutions as done by sed(1), for
>>> +# example, but aliasing.
>>> +#
>>> /lib32 /lib
>>> /lib64 /lib
>>> /run /var/run
>>
>> Merged.
>
> This seems to break policycoreutils:
>
> # semanage fcontext -l
> /usr/sbin/semanage: too many values to unpack (expected 2)
>
> Undoing the comment change fixes things again.
Is semanage using the standard library functions to read the file ?
Because I had a very quick look through the library and the #-comment
skipping code seemed to be there...
Regards,
Guido
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
2012-08-15 8:13 ` Guido Trentalancia
@ 2012-08-15 8:20 ` Sven Vermeulen
2012-08-15 8:38 ` Guido Trentalancia
0 siblings, 1 reply; 9+ messages in thread
From: Sven Vermeulen @ 2012-08-15 8:20 UTC (permalink / raw)
To: refpolicy
On Wed, Aug 15, 2012 at 10:13:26AM +0200, Guido Trentalancia wrote:
> > This seems to break policycoreutils:
> >
> > # semanage fcontext -l
> > /usr/sbin/semanage: too many values to unpack (expected 2)
> >
> > Undoing the comment change fixes things again.
>
> Is semanage using the standard library functions to read the file ?
> Because I had a very quick look through the library and the #-comment
> skipping code seemed to be there...
fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
for i in fd.readlines():
target, substitute = i.split()
self.equiv_dist[target] = substitute
fd.close()
Just opens the file, reads lines and assumes there are always two
values (target & substitute) on each line. This is from seobject.py.
Wkr,
Sven Vermeulen
PS Sorry for mailing you directly the first time, forgot to update the "To" header...
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
2012-08-15 8:20 ` Sven Vermeulen
@ 2012-08-15 8:38 ` Guido Trentalancia
2012-08-15 8:45 ` Sven Vermeulen
0 siblings, 1 reply; 9+ messages in thread
From: Guido Trentalancia @ 2012-08-15 8:38 UTC (permalink / raw)
To: refpolicy
Hello Sven.
On 15/08/2012 10:20, Sven Vermeulen wrote:
> On Wed, Aug 15, 2012 at 10:13:26AM +0200, Guido Trentalancia wrote:
>>> This seems to break policycoreutils:
>>>
>>> # semanage fcontext -l
>>> /usr/sbin/semanage: too many values to unpack (expected 2)
>>>
>>> Undoing the comment change fixes things again.
>>
>> Is semanage using the standard library functions to read the file ?
>> Because I had a very quick look through the library and the #-comment
>> skipping code seemed to be there...
>
> fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
> for i in fd.readlines():
> target, substitute = i.split()
> self.equiv_dist[target] = substitute
> fd.close()
>
> Just opens the file, reads lines and assumes there are always two
> values (target & substitute) on each line. This is from seobject.py.
You may have a broken version of the userspace tools.
I have just tested again and the copy of semanage that I have runs fine
the above mentioned test.
The version of semanage I am using should be dated June 2012, if that
helps...
It's important to keep that note in my opinion, because otherwise it
tends to generate confusion due to the somewhat unfortunate name that
has been chosen for the file and due to the lack of a specific
(userspace) manual page.
I'll be on holidays in a few hours, so don't expect much more from this
side anytime soon...
Regards,
Guido
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
2012-08-15 8:38 ` Guido Trentalancia
@ 2012-08-15 8:45 ` Sven Vermeulen
2012-08-15 9:48 ` Guido Trentalancia
0 siblings, 1 reply; 9+ messages in thread
From: Sven Vermeulen @ 2012-08-15 8:45 UTC (permalink / raw)
To: refpolicy
On Wed, Aug 15, 2012 at 10:38:40AM +0200, Guido Trentalancia wrote:
> You may have a broken version of the userspace tools.
>
> I have just tested again and the copy of semanage that I have runs fine
> the above mentioned test.
>
> The version of semanage I am using should be dated June 2012, if that
> helps...
>
> It's important to keep that note in my opinion, because otherwise it
> tends to generate confusion due to the somewhat unfortunate name that
> has been chosen for the file and due to the lack of a specific
> (userspace) manual page.
The latest release of policycoreutils is from 2012-02-16
(policycoreutils-2.1.10). The one I have is that version, plus a few
python-3 supporting fixes. I tried it with Python-2.7 to be sure, but got
the same result.
Perhaps your distribution has fixes to it that haven't been made upstream
yet (or not in a stable release)?
Wkr,
Sven Vermeulen
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
2012-08-15 8:45 ` Sven Vermeulen
@ 2012-08-15 9:48 ` Guido Trentalancia
0 siblings, 0 replies; 9+ messages in thread
From: Guido Trentalancia @ 2012-08-15 9:48 UTC (permalink / raw)
To: refpolicy
On 15/08/2012 10:45, Sven Vermeulen wrote:
> On Wed, Aug 15, 2012 at 10:38:40AM +0200, Guido Trentalancia wrote:
>> You may have a broken version of the userspace tools.
>>
>> I have just tested again and the copy of semanage that I have runs fine
>> the above mentioned test.
>>
>> The version of semanage I am using should be dated June 2012, if that
>> helps...
>>
>> It's important to keep that note in my opinion, because otherwise it
>> tends to generate confusion due to the somewhat unfortunate name that
>> has been chosen for the file and due to the lack of a specific
>> (userspace) manual page.
>
> The latest release of policycoreutils is from 2012-02-16
> (policycoreutils-2.1.10). The one I have is that version, plus a few
> python-3 supporting fixes. I tried it with Python-2.7 to be sure, but got
> the same result.
>
> Perhaps your distribution has fixes to it that haven't been made upstream
> yet (or not in a stable release)?
I have tested with the SELinux userspace tree dated 4th of June 2012
without any patch applied.
Either it works or it should be made to work as it's just comments and
#-comments should be supported in configuration files.
Regards,
Guido
^ permalink raw reply [flat|nested] 9+ messages in thread
* [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage
@ 2012-08-18 12:30 Guido Trentalancia
0 siblings, 0 replies; 9+ messages in thread
From: Guido Trentalancia @ 2012-08-18 12:30 UTC (permalink / raw)
To: refpolicy
Hello Sven.
>On Wed, Aug 15, 2012 at 10:13:26AM +0200, Guido Trentalancia wrote:
>> > This seems to break policycoreutils:
>> >
>> > # semanage fcontext -l
>> > /usr/sbin/semanage: too many values to unpack (expected 2)
>> >
>> > Undoing the comment change fixes things again.
>>
>> Is semanage using the standard library functions to read the file ?
>> Because I had a very quick look through the library and the #-comment
>> skipping code seemed to be there...
>
> fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
> for i in fd.readlines():
> target, substitute = i.split()
> self.equiv_dist[target] = substitute
> fd.close()
>
>Just opens the file, reads lines and assumes there are always two
>values (target & substitute) on each line. This is from seobject.py.
You're right, I told you fibbs in my previous message.
seobject.py is buggy for it does not skip comments.
It needs to be patched, otherwise, as you noted, "semanage fcontext -l" does not work.
Regards,
Guido
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2012-08-18 12:30 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2012-08-10 13:13 [refpolicy] [PATCH]: clarify the file_contexts.subs_dist configuration file usage Guido Trentalancia
2012-08-14 12:03 ` Christopher J. PeBenito
2012-08-15 8:02 ` Sven Vermeulen
2012-08-15 8:13 ` Guido Trentalancia
2012-08-15 8:20 ` Sven Vermeulen
2012-08-15 8:38 ` Guido Trentalancia
2012-08-15 8:45 ` Sven Vermeulen
2012-08-15 9:48 ` Guido Trentalancia
2012-08-18 12:30 Guido Trentalancia
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.