Adjust sepolgen grammar to support allowxperm, et al. #348

Open: wants to merge 2 commits into base: master

ColMelvin

Provide basic support for allowxperm, auditallowxperm, dontauditxperm and neverallowxperm so /usr/bin/sepolgen-ifgen stops spewing errors on my policy every time selinux-policy-targeted gets updated.

While I would prefer additional changes to address magic numbers (e.g. a new macro, much like interface, but for defining xperm numbers), this PR is sufficient for my and - hopefully - the majority of the community's needs.

Extend the grammar to support `allowxperm`, et al. directives, which
were added in policy version 30 to give more granular control.  This
commit adds basic support for the syntax, copying heavily from the
grammar for `allowperm`, et al.

Signed-off-by: Chris Lindee <chris.lindee+github@gmail.com>

The `allowxperm` et al. directives take a magical integer for one of
the fields, which hinders readability.  This commit adds support for
basic names for a number or group of numbers.

Notably, this does not support recursive definition of names, as that
would require a larger grammar re-write to avoid parsing conflicts.

Signed-off-by: Chris Lindee <chris.lindee+github@gmail.com>

@bachradsusi
Member

Thanks for the patches. Please send them to selinux@vger.selinux.org for review when you are ready, see https://github.com/SELinuxProject/selinux/blob/master/CONTRIBUTING.md. If you, for any reason, can't send it, I could do it for you.

@almereyda

@ColMelvin As your PR with the patches for the ZFS PAM module was accepted, did you succeed in sending them over to the mailing list for review?

If that doesn't work for you, there was also the offer by @bachradsusi to do this as an escrow for you.

@ColMelvin
Author

I sent 3 emails with the patches to selinux@vger.kernel.org at 2022-08-01T01:57Z, but never heard anything back. I'm not part of the mailing list, so could not confirm their receipt.

@almereyda Do you have any advice for getting traction on the patches?

@williamcroberts

> I sent 3 emails with the patches to selinux@vger.kernel.org at 2022-08-01T01:57Z, but never heard anything back. I'm not part of the mailing list, so could not confirm their receipt.

They're on the mailing list archives:
https://lore.kernel.org/selinux/20220801015721.393211-1-chris.lindee+git@gmail.com/T/#t

Try a resend and put something like [resend] in the subject line so
folks know. I'd review these, but sepolgen isn't really in my wheelhouse.
