From: James Carter <jwcart2@gmail.com>
To: bauen1 <j2468h@googlemail.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH 1/2] libsepol/cil: Limit the amount of reporting for neverallow violations
Date: Mon, 14 Feb 2022 09:48:37 -0500
Message-ID: <CAP+JOzTPoM0dnJThEmJO8JyAJt=E8Ccp=He33xr9TOhvs9mfEA@mail.gmail.com>
In-Reply-To: <969a8728-ed17-821a-cbeb-38c0ed56e889@gmail.com>

On Fri, Feb 11, 2022 at 8:03 PM bauen1 <j2468h@googlemail.com> wrote:
>
> Hi,
>
> On 1/19/22 14:04, bauen1 wrote:
> >
> > On 1/18/22 16:48, James Carter wrote:
> >> On Fri, Jan 14, 2022 at 2:44 PM bauen1 <j2468h@googlemail.com> wrote:
> >>>
> >>> Hi,
> >>>
> >>> as a heavy user of neverallow / neverallowx, please don't limit this.
> >>>
> >>> When adding a new neverallow rule there might be quite a few types violating them, and having to rebuild the policy every 2 types would make fixing them incredibly annoying.
> >>>
> >>> If you want to limit this, then please make it opt-in or add it as a command line option.
> >>>
> >>
> >> I am trying to limit error messages because oss-fuzz seems to be good
> >> at creating policies that generate a lot of error messages and
> >> subsequently take a lot of time to process.
> >>
> >> But I am not going to do that at the expense of people actually using secilc.
> >>
> >> I was already thinking about making the amount of error reporting
> >> depend on the verbosity level. What would you think of limiting it
> >> to two by default, but unlimited at any higher verbosity level? I can
> >> even add a message to use "-v" to see all of the errors.
> >
> > Thanks, something like that would be totally fine for me.
> >
>
> I've also just noticed that typebounds will only print the first 2 violations.
> So if you make this depend on the verbosity level you might want to change that too, just to be consistent.
>

Yes, I did send out a v2 that changes the typebounds error reporting
to depend on the verbosity level as well. That patch set was sent out
on January 19th.

Thanks,
Jim


> --
> bauen1
> https://dn42.bauen1.xyz/

Thread overview: 7+ messages
2022-01-14 19:20 [PATCH 1/2] libsepol/cil: Limit the amount of reporting for neverallow violations James Carter
2022-01-14 19:20 ` [PATCH 2/2] libsepol/cil: Limit the amount of reporting for context rule conflicts James Carter
2022-01-14 19:44 ` [PATCH 1/2] libsepol/cil: Limit the amount of reporting for neverallow violations bauen1
2022-01-18 15:48   ` James Carter
2022-01-19 13:04     ` bauen1
2022-02-12  1:03       ` bauen1
2022-02-14 14:48         ` James Carter [this message]
