> On May 8, 2017, at 5:47 PM, Dominick Grift <dac.overr...@gmail.com> wrote: > > On Mon, May 08, 2017 at 10:40:53PM +0200, Dominick Grift wrote: >> On Mon, May 08, 2017 at 04:09:16PM -0400, Karl MacMillan wrote: >>> >>>> On May 8, 2017, at 3:49 PM, Dominick Grift <dac.overr...@gmail.com> wrote: >>>> >> >>> >>> And if you mean specifically in the context of DSSP, like I said I bet the >>> changes would be minimal. So if you are interested in giving it a try I’ll >>> be happy to look at the changes needed and give you a hand. >> >> I agree, and ive said that when I said: "a few rough edges" Its close the >> usable with DSSP. It just needs to deal with some of the current assumptions: >> >> ill point out some: >> >> 1. return self.grep(name, "*.te", self.modules_path) # what about .cil >> suffixed files? > > We should make this customizable something like: source_policy_suffix = > > Because we would need to catch *.conf , *.te , *.cil and any future high > level source policy files that leverage cil >
Like I said, I just renamed the PolicySource object to reflect that it’s specific to reference policy. Feel free to send a patch adding a DSSP object that implements the changes that you think are needed. [deleted many similar requests] > >> 5. any references to type attributes should be customizable: ie. >> process_types = ... filesystem_types = ... etc > > I do not consider Linux access vectors to be customizable, unlike types > ,attributes, booleans, tunables etc) > I know what you mean, but I have to point out that the domain attribute has been much more stable across many different operating systems than the object classes and access vectors. Thanks - Karl