From: "Ahmed S. Darwish" <darwish.07@gmail.com>
To: Pavel Machek <pavel@ucw.cz>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
akpm@osdl.org, torvalds@osdl.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, Al Viro <viro@ftp.linux.org.uk>
Subject: Re: [PATCH] Smackv10: Smack rules grammar + their stateful parser
Date: Mon, 5 Nov 2007 11:41:25 +0200
Message-ID: <20071105094007.GA19367@ubuntu> (raw)
In-Reply-To: <20071104122848.GC3921@ucw.cz>
On Sun, Nov 04, 2007 at 12:28:48PM +0000, Pavel Machek wrote:
> Hi!
>
> > > Still to come:
> > >
> > > - Final cleanup of smack_load_write and smack_cipso_write.
> >
> > Hi All,
> >
> > After agreeing with Casey on the "load" input grammar yesterday, here's
> > the final grammar and its parser (which needs more testing):
> >
> > A Smack Rule in an "egrep" format is:
> >
> > "^[:space:]*Subject[:space:]+Object[:space:]+[rwxaRWXA-]+[:space:]*\n"
> >
> > where Subject/Object strings are in the form:
> >
> > "^[^/[:space:][:cntrl:]]{1,SMK_MAXLEN}$"
>
> Can we avoid string parsers in the kernel?
>
Ok, Could someone suggest a better idea please ?.
I thought about packing the rules in a structure and sending
it over an ioctl() command. Is this applicable ?
>
> > +static inline int isblank(char c)
> > +{
> > + return (c == ' ' || c == '\t');
> > +}
>
> This sounds like enough for 'NAK'.
>
> Pavel,
> who still thinks smack rules should be parsed
> in userspace and compiled into selinux rules...
>
> --
> (english) http://www.livejournal.com/~pavelmachek
> (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply index
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-02 20:50 [PATCH] Version 10 (2.6.24-rc1) Smack: Simplified Mandatory Access Control Kernel Casey Schaufler
2007-11-03 16:43 ` [PATCH] Smackv10: Smack rules grammar + their stateful parser Ahmed S. Darwish
2007-11-03 18:30 ` Kyle Moffett
2007-11-03 22:12 ` Ahmed S. Darwish
2007-11-04 12:28 ` Pavel Machek
2007-11-04 13:23 ` Ahmed S. Darwish
2007-11-04 16:37 ` Casey Schaufler
2007-11-05 9:41 ` Ahmed S. Darwish [this message]
2007-11-05 16:21 ` Linus Torvalds
2007-11-05 21:56 ` Tetsuo Handa
2007-11-06 10:00 ` Adrian Bunk
2007-11-06 12:27 ` Tetsuo Handa
2007-11-06 13:58 ` Adrian Bunk
2007-11-06 14:32 ` Tetsuo Handa
2007-11-06 14:59 ` Adrian Bunk
2007-11-06 15:27 ` Tetsuo Handa
2007-11-06 22:42 ` Adrian Bunk
2007-11-05 23:38 ` Ahmed S. Darwish
2007-11-06 8:06 ` Adrian Bunk
2007-11-06 15:39 ` Linus Torvalds
2007-11-06 23:00 ` Adrian Bunk
2007-11-06 23:08 ` Linus Torvalds
2007-11-07 0:07 ` Adrian Bunk
2007-11-07 0:27 ` Linus Torvalds
2007-11-07 0:43 ` Adrian Bunk
2007-11-07 1:03 ` Tetsuo Handa
2007-11-07 1:06 ` Linus Torvalds
2007-11-07 1:59 ` Adrian Bunk
2007-11-07 4:09 ` Linus Torvalds
2007-11-07 15:08 ` Alan Cox
2007-11-04 20:06 ` Ahmed S. Darwish
2007-11-05 0:56 ` [PATCH] Smackv10: Smack rules grammar + their stateful parser(2) Ahmed S. Darwish
2007-11-10 17:05 ` Jakob Oestergaard
2007-11-10 19:45 ` Ahmed S. Darwish
2007-11-11 12:44 ` Pavel Machek
2007-11-11 18:37 ` Ahmed S. Darwish
2007-11-06 6:33 ` [PATCH] Smackv10: Smack rules grammar + their stateful parser Adrian Bunk
2007-11-06 8:26 ` Kyle Moffett
2007-11-06 8:56 ` Adrian Bunk
2007-11-06 11:02 ` Alan Cox
2007-11-06 11:34 ` Ahmed S. Darwish
2007-11-06 11:47 ` Adrian Bunk
2007-11-06 12:23 ` Ahmed S. Darwish
2007-11-06 12:49 ` Kyle Moffett
2007-11-06 13:34 ` Adrian Bunk
2007-11-06 14:05 ` Ahmed S. Darwish
2007-11-06 14:10 ` Adrian Bunk
2007-11-06 14:30 ` Ahmed S. Darwish
2007-11-06 15:53 ` Linus Torvalds
2007-11-07 10:56 ` [PATCH] Fix isspace() and other ctype.h functions to ignore chars 128-255 Kyle Moffett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071105094007.GA19367@ubuntu \
--to=darwish.07@gmail.com \
--cc=akpm@osdl.org \
--cc=casey@schaufler-ca.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pavel@ucw.cz \
--cc=torvalds@osdl.org \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lkml.kernel.org/lkml/0 lkml/git/0.git
git clone --mirror https://lkml.kernel.org/lkml/1 lkml/git/1.git
git clone --mirror https://lkml.kernel.org/lkml/2 lkml/git/2.git
git clone --mirror https://lkml.kernel.org/lkml/3 lkml/git/3.git
git clone --mirror https://lkml.kernel.org/lkml/4 lkml/git/4.git
git clone --mirror https://lkml.kernel.org/lkml/5 lkml/git/5.git
git clone --mirror https://lkml.kernel.org/lkml/6 lkml/git/6.git
git clone --mirror https://lkml.kernel.org/lkml/7 lkml/git/7.git
git clone --mirror https://lkml.kernel.org/lkml/8 lkml/git/8.git
git clone --mirror https://lkml.kernel.org/lkml/9 lkml/git/9.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 lkml lkml/ https://lkml.kernel.org/lkml \
linux-kernel@vger.kernel.org
public-inbox-index lkml
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git