Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
	akpm@osdl.org, torvalds@osdl.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, Al Viro <viro@ftp.linux.org.uk>
Subject: Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser
Date: Mon, 5 Nov 2007 11:41:25 +0200	[thread overview]
Message-ID: <20071105094007.GA19367@ubuntu> (raw)
In-Reply-To: <20071104122848.GC3921@ucw.cz>

On Sun, Nov 04, 2007 at 12:28:48PM +0000, Pavel Machek wrote:
> Hi!
> 
> > > Still to come:
> > > 
> > >   - Final cleanup of smack_load_write and smack_cipso_write.
> > 
> > Hi All,
> > 
> > After agreeing with Casey on the "load" input grammar yesterday, here's
> > the final grammar and its parser (which needs more testing):
> > 
> > A Smack Rule in an "egrep" format is:
> > 
> > "^[:space:]*Subject[:space:]+Object[:space:]+[rwxaRWXA-]+[:space:]*\n"
> > 
> > where Subject/Object strings are in the form:
> > 
> > "^[^/[:space:][:cntrl:]]{1,SMK_MAXLEN}$"
> 
> Can we avoid string parsers in the kernel?
> 

Ok, Could someone suggest a better idea please ?. 

I thought about packing the rules in a structure and sending
it over an ioctl() command. Is this applicable ?

> 
> > +static inline int isblank(char c)
> > +{
> > +	return (c == ' ' || c == '\t');
> > +}
> 
> This sounds like enough for 'NAK'.
> 
> 						Pavel,
> 		who still thinks smack rules should be parsed
> 		in userspace and compiled into selinux rules...
> 		
> -- 
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

next prev parent reply	other threads:[~2007-11-05  9:41 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-11-02 20:50 [PATCH] Version 10 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel Casey Schaufler
2007-11-03 16:43 ` [PATCH] Smackv10: Smack rules grammar + their stateful parser Ahmed S. Darwish
2007-11-03 18:30   ` Kyle Moffett
2007-11-03 22:12     ` Ahmed S. Darwish
2007-11-04 12:28   ` Pavel Machek
2007-11-04 13:23     ` Ahmed S. Darwish
2007-11-04 16:37       ` Casey Schaufler
2007-11-05  9:41     ` Ahmed S. Darwish [this message]
2007-11-05 16:21       ` Linus Torvalds
2007-11-05 21:56         ` Tetsuo Handa
2007-11-06 10:00           ` Adrian Bunk
2007-11-06 12:27             ` Tetsuo Handa
2007-11-06 13:58               ` Adrian Bunk
2007-11-06 14:32                 ` Tetsuo Handa
2007-11-06 14:59                   ` Adrian Bunk
2007-11-06 15:27                     ` Tetsuo Handa
2007-11-06 22:42                       ` Adrian Bunk
2007-11-05 23:38         ` Ahmed S. Darwish
2007-11-06  8:06         ` Adrian Bunk
2007-11-06 15:39           ` Linus Torvalds
2007-11-06 23:00             ` Adrian Bunk
2007-11-06 23:08               ` Linus Torvalds
2007-11-07  0:07                 ` Adrian Bunk
2007-11-07  0:27                   ` Linus Torvalds
2007-11-07  0:43                     ` Adrian Bunk
2007-11-07  1:03                       ` Tetsuo Handa
2007-11-07  1:06                       ` Linus Torvalds
2007-11-07  1:59                         ` Adrian Bunk
2007-11-07  4:09                           ` Linus Torvalds
2007-11-07 15:08                           ` Alan Cox
2007-11-04 20:06   ` Ahmed S. Darwish
2007-11-05  0:56   ` [PATCH] Smackv10: Smack rules grammar + their stateful parser(2) Ahmed S. Darwish
2007-11-10 17:05     ` Jakob Oestergaard
2007-11-10 19:45       ` Ahmed S. Darwish
2007-11-11 12:44     ` Pavel Machek
2007-11-11 18:37       ` Ahmed S. Darwish
2007-11-06  6:33   ` [PATCH] Smackv10: Smack rules grammar + their stateful parser Adrian Bunk
2007-11-06  8:26     ` Kyle Moffett
2007-11-06  8:56       ` Adrian Bunk
2007-11-06 11:02         ` Alan Cox
2007-11-06 11:34         ` Ahmed S. Darwish
2007-11-06 11:47           ` Adrian Bunk
2007-11-06 12:23             ` Ahmed S. Darwish
2007-11-06 12:49               ` Kyle Moffett
2007-11-06 13:34                 ` Adrian Bunk
2007-11-06 14:05                   ` Ahmed S. Darwish
2007-11-06 14:10                     ` Adrian Bunk
2007-11-06 14:30                       ` Ahmed S. Darwish
2007-11-06 15:53                 ` Linus Torvalds
2007-11-07 10:56                   ` [PATCH] Fix isspace() and other ctype.h functions to ignore chars 128-255 Kyle Moffett

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20071105094007.GA19367@ubuntu \
    --to=darwish.07@gmail.com \
    --cc=akpm@osdl.org \
    --cc=casey@schaufler-ca.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=pavel@ucw.cz \
    --cc=torvalds@osdl.org \
    --cc=viro@ftp.linux.org.uk \
    --subject='Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
on how to clone and mirror all data and code used for this inbox