On 04/24/2014 01:08 PM, Jan Synacek wrote:
On 04/23/2014 03:31 PM, Jan Safranek wrote:
The second version looks production-ready, just two remarks:
On 04/17/2014 10:23 AM, Jan Synacek wrote:
- LMI_SELinuxFile: we already have context and expected
context as properties of LMI_UnixFile, it does not seem appropriate to provide them again in LMI_SELinuxFile (rendering LMI_SELinuxElementWithContext practically useless...) - also, enumeration of this class must be disabled, which makes creation of references pretty hard.
I wanted the file class to fit into the whole model -- inherit from LMI_SELinuxElement. I know about the contexts in LMI_UnixFile and I wanted to remove them from there. The best solution would probably be if LMI_UnixFile inherited from LMI_SELinuxElement, which would be multiple inheritance and that is not allowed.
We cannot easily remove stuff from already published LogicalFile provider, it would need to bump major version for that.
Stick to the attributes in LMI_UnixFile and don't create redundant ones in SELinux provider.
Fixed.
- LMI_SELinuxService.RestoreLabel: it should also export list
of changes it did, in the very same way as GetMislabeledFiles() should do. Maybe there could be just one method with two modes - dry run / normal run?
Good point. Redesigned.
LMI_SELinuxService.ProcessTarget() is really bad name, all it can do is to check and optionally restore labels on mislabeled files, what about:
uint32 CheckFiles(string Target, uint16 Action('fix'/'report only'), boolean Recursively, [out] Job)
Ok, I changed the name to RestoreLabels, so it has "Restore" in the name, as "restorecon" does.
Cool, thanks a lot for the design! I'm looking forward for implementation :-).
Jan