Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-09 Thread Dominick Grift
On Tue, May 09, 2017 at 06:47:55PM +0200, Dominick Grift wrote: > On Tue, May 09, 2017 at 06:15:43PM +0200, Dominick Grift wrote: > > On Tue, May 09, 2017 at 11:21:23AM -0400, Karl MacMillan wrote: > > > > > > > On May 8, 2017, at 4:40 PM, Dominick Grift > > > > wrote: >

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-09 Thread Dominick Grift
On Tue, May 09, 2017 at 06:15:43PM +0200, Dominick Grift wrote: > On Tue, May 09, 2017 at 11:21:23AM -0400, Karl MacMillan wrote: > > > > > On May 8, 2017, at 4:40 PM, Dominick Grift wrote: > > > > > > On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: > >

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-09 Thread Dominick Grift
On Tue, May 09, 2017 at 11:21:23AM -0400, Karl MacMillan wrote: > > > On May 8, 2017, at 4:40 PM, Dominick Grift wrote: > > > > On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: > >> > >>> On May 8, 2017, at 3:49 PM, Dominick Grift

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-09 Thread Joshua Brindle
Karl MacMillan wrote: 5. any references to type attributes should be customizable: ie. process_types = ... filesystem_types = ... etc I do not consider Linux access vectors to be customizable, unlike types ,attributes, booleans, tunables etc) I know what you mean, but I have to point

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-09 Thread Karl MacMillan
> On May 8, 2017, at 5:47 PM, Dominick Grift wrote: > > On Mon, May 08, 2017 at 10:40:53PM +0200, Dominick Grift wrote: >> On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: >>> On May 8, 2017, at 3:49 PM, Dominick Grift wrote:

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-09 Thread Karl MacMillan
> On May 8, 2017, at 4:40 PM, Dominick Grift wrote: > > On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: >> >>> On May 8, 2017, at 3:49 PM, Dominick Grift wrote: >>> >>> On Mon, May 08, 2017 at 03:36:21PM -0400, Karl MacMillan

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Dominick Grift
On Mon, May 08, 2017 at 11:47:14PM +0200, Dominick Grift wrote: > On Mon, May 08, 2017 at 10:40:53PM +0200, Dominick Grift wrote: > > On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: > > > > > > > On May 8, 2017, at 3:49 PM, Dominick Grift > > > > wrote: >

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Dominick Grift
On Mon, May 08, 2017 at 10:40:53PM +0200, Dominick Grift wrote: > On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: > > > > > On May 8, 2017, at 3:49 PM, Dominick Grift wrote: > > > > > > On Mon, May 08, 2017 at 03:36:21PM -0400, Karl MacMillan wrote: > >

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Dominick Grift
On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: > > > On May 8, 2017, at 3:49 PM, Dominick Grift wrote: > > > > On Mon, May 08, 2017 at 03:36:21PM -0400, Karl MacMillan wrote: > >> > >>> > >> > >> I think it’s best to think of these as having three

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Karl MacMillan
> On May 8, 2017, at 3:49 PM, Dominick Grift wrote: > > On Mon, May 08, 2017 at 03:36:21PM -0400, Karl MacMillan wrote: >> >>> >> >> I think it’s best to think of these as having three basic layers: >> >> 1. Basic tools for SELinux policy analysis in Jupyter - these

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Dominick Grift
On Mon, May 08, 2017 at 03:36:21PM -0400, Karl MacMillan wrote: > > > On May 8, 2017, at 5:32 AM, Dominick Grift wrote: > > > > On Mon, May 08, 2017 at 10:55:55AM +0200, Dominick Grift wrote: > >> On Sun, May 07, 2017 at 03:42:50PM -0400, Joshua Brindle wrote: > >>>

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Karl MacMillan
> On May 7, 2017, at 3:53 PM, Dominick Grift wrote: > > > Python is not really my thing so i will have to get used to it and explore my > options > > Its a cool module, has a few rough edges (but thats to be expected from > v0.0.0) > So far I’ve seen your concerns

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Karl MacMillan
> On May 8, 2017, at 3:32 PM, Dominick Grift wrote: > > On Mon, May 08, 2017 at 03:23:06PM -0400, Karl MacMillan wrote: >>> >> >> Thanks for making the Fedora SPEC. >> >> I know it’s a topic of great debate, but there are some nice things about >> just sticking with

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Karl MacMillan
> On May 8, 2017, at 5:32 AM, Dominick Grift wrote: > > On Mon, May 08, 2017 at 10:55:55AM +0200, Dominick Grift wrote: >> On Sun, May 07, 2017 at 03:42:50PM -0400, Joshua Brindle wrote: >>> Dominick Grift wrote: On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Dominick Grift
On Mon, May 08, 2017 at 03:23:06PM -0400, Karl MacMillan wrote: > > > On May 7, 2017, at 5:39 AM, Dominick Grift wrote: > > > > On Sat, May 06, 2017 at 07:19:20PM +0200, Dominick Grift wrote: > >> On Sat, May 06, 2017 at 06:19:56PM +0200, Dominick Grift wrote: > >>> On

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Karl MacMillan
> On May 7, 2017, at 5:39 AM, Dominick Grift wrote: > > On Sat, May 06, 2017 at 07:19:20PM +0200, Dominick Grift wrote: >> On Sat, May 06, 2017 at 06:19:56PM +0200, Dominick Grift wrote: >>> On Sat, May 06, 2017 at 04:03:58PM +0200, Dominick Grift wrote: [snip]

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Dominick Grift
On Mon, May 08, 2017 at 10:55:55AM +0200, Dominick Grift wrote: > On Sun, May 07, 2017 at 03:42:50PM -0400, Joshua Brindle wrote: > > Dominick Grift wrote: > > > On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:the > > > > Dominick Grift wrote: > > > > > > > > > > > > > The idea is

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-08 Thread Dominick Grift
On Sun, May 07, 2017 at 03:42:50PM -0400, Joshua Brindle wrote: > Dominick Grift wrote: > > On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:the > > > Dominick Grift wrote: > > > > > > > > > > The idea is nice, unfortunately its inflexible and it has > > > > hard-references to

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Dominick Grift
On Sun, May 07, 2017 at 03:42:50PM -0400, Joshua Brindle wrote: > Dominick Grift wrote: > > On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:the > > > Dominick Grift wrote: > > > > > > > > > > The idea is nice, unfortunately its inflexible and it has > > > > hard-references to

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Joshua Brindle
Dominick Grift wrote: On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:the Dominick Grift wrote: The idea is nice, unfortunately its inflexible and it has hard-references to reference policy all-over. It has potential but it is still rough. Of course, it is an analysis of a

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Dominick Grift
On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote: > Dominick Grift wrote: > > > > The idea is nice, unfortunately its inflexible and it has hard-references > > to reference policy all-over. It has potential but it is still rough. > > > > Of course, it is an analysis of a

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Dominick Grift
On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote: > Dominick Grift wrote: > > > > The idea is nice, unfortunately its inflexible and it has hard-references > > to reference policy all-over. It has potential but it is still rough. > > > > Of course, it is an analysis of a

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Joshua Brindle
Dominick Grift wrote: The idea is nice, unfortunately its inflexible and it has hard-references to reference policy all-over. It has potential but it is still rough. Of course, it is an analysis of a refpolicy-based policy. If you want to analyze a different policy (e.g., Android or

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-07 Thread Dominick Grift
On Sat, May 06, 2017 at 07:19:20PM +0200, Dominick Grift wrote: > On Sat, May 06, 2017 at 06:19:56PM +0200, Dominick Grift wrote: > > On Sat, May 06, 2017 at 04:03:58PM +0200, Dominick Grift wrote: > > > On Fri, May 05, 2017 at 02:27:05PM -0400, Karl MacMillan wrote: > > > > I’d like to announce

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-06 Thread Dominick Grift
On Sat, May 06, 2017 at 06:19:56PM +0200, Dominick Grift wrote: > On Sat, May 06, 2017 at 04:03:58PM +0200, Dominick Grift wrote: > > On Fri, May 05, 2017 at 02:27:05PM -0400, Karl MacMillan wrote: > > > I’d like to announce SPAN - SELinux Policy Analysis Notebook > > >

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-06 Thread Dominick Grift
On Sat, May 06, 2017 at 04:03:58PM +0200, Dominick Grift wrote: > On Fri, May 05, 2017 at 02:27:05PM -0400, Karl MacMillan wrote: > > I’d like to announce SPAN - SELinux Policy Analysis Notebook > > (https://github.com/QuarkSecurity/SPAN/ > > ). This is a

Re: Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-06 Thread Dominick Grift
On Fri, May 05, 2017 at 02:27:05PM -0400, Karl MacMillan wrote: > I’d like to announce SPAN - SELinux Policy Analysis Notebook > (https://github.com/QuarkSecurity/SPAN/ > ). This is a Jupyter notebook based > environment for SELinux policy analysis that

Announcing SPAN: SELinux Policy Analysis Notebook

2017-05-05 Thread Karl MacMillan
I’d like to announce SPAN - SELinux Policy Analysis Notebook (https://github.com/QuarkSecurity/SPAN/ ). This is a Jupyter notebook based environment for SELinux policy analysis that let’s you mix queries, Python code, and Markdown formatted notes into an