Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SELinux: Use kernel_read_fs_sysctls interface instead custom policy #1923

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

SELinux: Use kernel_read_fs_sysctls interface instead custom policy #1923

wants to merge 1 commit into from

Conversation

grulja
Copy link
Contributor

@grulja grulja commented Mar 3, 2025

The kernel_read_fs_sysctls interface does exactly the same thing and we don't reinvent the wheel. It's also easier to maintain.

Supersedes #1918

@grulja
Copy link
Contributor Author

grulja commented Mar 3, 2025

CC @zpytela for double-check.

@zpytela
Copy link
Contributor

zpytela commented Mar 3, 2025

Correct, also improves legibility and is just the correct way: For using types from other modules, including base, interfaces should be used.

Now similar changes should also apply to other parts, it may not be that easy this time.

@grulja
SELinux: Use kernel_read_fs_sysctls interface instead custom policy
42d1a96 
The kernel_read_fs_sysctls interface does exactly the same thing and we
don't reinvent the wheel. It's also easier to maintain.
@grulja grulja force-pushed the nofile-unlimited branch from 1a56d96 to 42d1a96 Compare March 3, 2025 11:26
@grulja
Copy link
Contributor Author

grulja commented Mar 3, 2025

Now similar changes should also apply to other parts, it may not be that easy this time.

What do you mean by that?

@zpytela
Copy link
Contributor

zpytela commented Mar 3, 2025

👍

@zpytela
Copy link
Contributor

zpytela commented Mar 3, 2025

Now similar changes should also apply to other parts, it may not be that easy this time.

What do you mean by that?

For using types from other modules interfaces should be used. No direct reference to gconf_home_t and admin_home_t.

@grulja
Copy link
Contributor Author

grulja commented Mar 3, 2025

Now similar changes should also apply to other parts, it may not be that easy this time.

What do you mean by that?

For using types from other modules interfaces should be used. No direct reference to gconf_home_t and admin_home_t.

I see. The use of gconf_home_t was introduced by 337c136, but admin_home_t is what I added recently.

What complications this can cause? Or is it just the right thing to do?

@zpytela
Copy link
Contributor

zpytela commented Mar 28, 2025

What complications this can cause? Or is it just the right thing to do?

To ensure types from other modules are handled properly, e. g. when a particular module is disabled.

Certainly it is the right thing, improves legibility and maintenance etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zpytela zpytela zpytela left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@grulja @zpytela