Tetsuo Handa
from-****@I-lov*****
Wed Feb 9 21:49:28 JST 2011
Jamie Nguyen wrote:
> So I am now very nearly finished with writing 1.8 documentation.

Great!

> Hopefully in the next couple of days it will all be done. I need to
> write chapter-12.html.en which will be on judging execute request
> outside of the kernel and use of the execute handlers and
> audit-exec-param. And chapter-3.html.en only has place holders and
> must be replaced with real installation instructions. When all is done
> I will do a final proof read for typos.
>
> The docs related to
> android/cat760/meego/sftp/ssh-protection/ssh-recording/ssh-split I
> have merely restyled. I have no plans to change any of the core text.
> I also worked through tool-editpolicy.html.en and made it shorter,
> removing some pictures. Feel free to add back any pictures you want if
> you think I have removed too much.

I see.

> 1) Could you please briefly check through the contents of
> htdocs/1.8-tmp and let me know if there are any major changes you want
> me to make, or whether there is something missing etc. ?

Maybe "Appendix A: Specification" should be "Appendix A: Policy Specification" and contain only policy specification. It became difficult to find the keyword in policy files.

The specification/section-1.html.en ("A1: The userspace tools") could be moved to man-pages/index.html.en , and the specification/section-8.html.en ("A8: Authentication programs") could be moved to "Appendix J:". By moving A1 and A8 from specification/index.html.en , "Appendix A: Specification" clearly becomes "Appendix A: Policy Specification".

I noticed that

  The directory pathname must start and end with "/" and must not contain symbolic links, "//", "/./" or "/../".

like tags/htdocs/1.8-tmp/section-7.html.en#file_pivot_root should be removed because a canonicalized pathname may no longer start with / .

People think TOMOYO Linux provides the ability to generate policy automatically in 1.8-tmp/chapter-2.html.en#2.3 as important, but I don't think so. For me, it is no different from SELinux's audit2allow command or AppArmor's genprof command. The important thing for me is that users can configure TOMOYO with understanding. Configuring with understanding is important for troubleshooting. Thus, the statement should also refer to configurability, customizability, manageability, understandability etc.

> 2) Also, I have implemented 1.8-tmp/tutorial-{15,16}.html.en in docs.
> However, the "About keep_domain keyword" section of
> tutorial-17.html.en seems to be a verbose explanation of how to limit
> memory usage. I think I can insert a shorter version in
> 1.8-tmp/chapter-5.html.en#5.5 (or create chapter-5.html.en#5.6). The
> "About execute handler mechanism" section of tutorial-17.html.en I
> will place in chapter-12.html.en that I mentioned above. Thus, the
> content that is left in tutorial-17 is the information about
> difference between 1.7 and 1.8...I personally think this is more
> relevant for release notes, but not in documentation so I will not
> include. Do you have any objections?

OK.

> 3) Do you feel that we need to place verbose instructions in the
> chapter-3.html.en about GRUB? I might just add a small note saying
> something like "consult distro and bootloader docs for information".

That will be sufficient.

By the way, on the LSM ML, David Howells (the credentials maintainer) proposed a method for running multiple LSM modules in parallel. He tried to run SELinux and TOMOYO 2.3 in parallel and confirmed that SELinux and TOMOYO can run simultaneously on his test machine (because there is no interface conflict).

During his attempt, he reviewed the ccs-tools package and gave me some suggestions. I made some changes where possible.

I changed to use readymade manpages in order to remove help2man and gzip dependency.

I removed example programs (e.g. falsh, candy, proxy) from usr_lib_ccs/ directory (and moved to examples/ directory) in order to remove readline-devel dependency and keep /usr/lib/ccs/ clean. Now these example programs will not be compiled unless the user explicitly compiles them manually (as with programs listed in sftp/ssh-protection/ssh-recording/ssh-split pages).

He also suggested using /usr/libexec/ccs/ rather than /usr/lib/ccs/ . Do you think we should move from /usr/lib/ccs/ to /usr/libexec/ccs/ ?

I changed to use /bin/sh and removed executable bit from man page generator scripts.

I changed to use install command rather than cp/chmod/chown commands. (I hope all development environments provide install command.)

I removed usr_share_man/ directory from "all" and "clean" targets because usr_share_man/man8/ directory now contains readymade manpages.

I added Include.make which keeps configuration variables and changed to use $RPM_OPT_FLAGS when building as an RPM package.

I removed dummy from usr_sbin/ and usr_lib_ccs/ directories that is used when the build failed (likely due to lack of ncurses-devel or readline-devel). (I added dummy for ignoring errors when compiling for non-PC environments where ccs-editpolicy won't be required by that environment.)

Also, Casey Schaufler (the Smack maintainer) is considering proposing another method for running multiple LSM modules in parallel. Maybe some big change happens to LSM around 2.6.39 or 2.6.40.