2011-01-31 21:18:57

by Guido Trentalancia

Subject: [refpolicy] [PATCH/RFC 0/19]: patch set to update the git reference policy

Welcome back Christopher and thanks for your kind message of
acknowledgement.

On Mon, 31/01/2011 at 14.52 -0500, Christopher J. PeBenito wrote:
> On 1/23/2011 7:43 PM, Guido Trentalancia wrote:
> I didn't look at all of the patches in deep detail, as Dominick gave you
> some excellent feedback while I was gone last week.

Yes, Dominick is providing a substantial contribution to the work being
discussed in the form of excellent feedback and very valuable
suggestions.

> One thing I want to clarify for each of the actual patches you need:
>
> * a better subject: "patch set to update the git reference policy" isn't
> very informative.

Then, it would probably be impossible to submit a patch set at all. We
will just have many individual, separate patches. Because the whole
patch set aims to tackle very different issues in many different places,
it would probably be impossible to summarize everything in the
subject.

> * a detailed description of what the patch does.

Sure. It will be done.

> This will help facilitate review of the patches, and will help us
> understand the details.

In general, the set of patches is the result of testing refpolicy on a
very recent generic Linux installation. It aims to fix generic issues
with a few essential modules while trying to use the latest refpolicy on
a recent unbranded Linux installation.

There is a particular issue that is awaiting your direction. Could you
please have a look at the dbus_chat/dbus_send issue (bi-directional versus
uni-directional "send_msg" permission in the context of DBus)? For
example, see message thread [8/19] timestamped Thu 27 Jan 2011 01:37:12
+0100, Thu 27 Jan 2011 10:16:25 +0100.

Another very interesting issue is in the same thread [8/19] with
timestamp Fri 28 Jan 2011 18:01:43 +0100 (xdg configuration files, both
of us were trying to get some consensus on the need to have a new
label).

Yet another interesting issue is again in thread [8/19] with timestamp
Sat 29 Jan 2011 09:31:33 +0100 (need for a new module to accommodate
system-tools-backends and inconclusive speculations on optional_policy
expansion).

Kind regards,

Guido


2011-02-02 23:52:58

by martin

Subject: [refpolicy] [PATCH/RFC 0/19]: patch set to update the git reference policy

On Mon 31 Jan 21:18:57 2011, Guido Trentalancia wrote:
> On Mon, 31/01/2011 at 14.52 -0500, Christopher J. PeBenito wrote:
>> One thing I want to clarify for each of the actual patches you need:
>>
>> * a better subject: "patch set to update the git reference policy" isn't
>> very informative.
>
> Then, it would probably be impossible to submit a patch set at all. We
> will just have many individual, separate patches. Because the whole
> patch set aims to tackle very different issues in many different places,
> it would probably be impossible to summarize everything in the
> subject.

I think this is the point: because you deal with many different
issues, you do not really have a "set". Chris can decide
independently for each of the patches whether to apply it or not, and
that will (usually) not break and will cause a measurable improvement
in refpolicy.

The subject of each patch should be a short summary of what that
individual patch does, for example "dbus file labelling" for patch 1
and "Allow dbus messages" for patch 2. If you can't give such a label
to a particular patch, that might mean that you have divided up your
patches badly.

>> * a detailed description of what the patch does.
>
> Sure. It will be done.
>
>> This will help facilitate review of the patches, and will help us
>> understand the details.
>
> In general, the set of patches is the result of testing refpolicy on a
> very recent generic Linux installation. It aims to fix generic issues
> with a few essential modules while trying to use the latest refpolicy on
> a recent unbranded Linux installation.

--
Martin Orr

2011-02-03 00:04:30

by Guido Trentalancia

Subject: [refpolicy] [PATCH/RFC 0/19]: patch set to update the git reference policy

Hello Martin!

Thanks very much for your interest in this attempt to feed back some
possible improvements to the reference policy based upon testing on a
generic recent installation.

On Wed, 02/02/2011 at 23.52 +0000, Martin Orr wrote:
> On Mon 31 Jan 21:18:57 2011, Guido Trentalancia wrote:
> > On Mon, 31/01/2011 at 14.52 -0500, Christopher J. PeBenito wrote:
> >> One thing I want to clarify for each of the actual patches you need:
> >>
> >> * a better subject: "patch set to update the git reference policy" isn't
> >> very informative.
> >
> > Then, it would probably be impossible to submit a patch set at all. We
> > will just have many individual, separate patches. Because the whole
> > patch set aims to tackle very different issues in many different places,
> > it would probably be impossible to summarize everything in the
> > subject.
>
> I think this is the point: because you deal with many different
> issues, you do not really have a "set". Chris can decide
> independently for each of the patches whether to apply it or not, and
> that will (usually) not break and will cause a measurable improvement
> in refpolicy.

I will do my best. However, I am not entirely sure (and cannot
guarantee) that applying only a subset of the patches will lead to
desirable results. In general, they will be made as independent
of each other as technically possible.

> The subject of each patch should be a short summary of what that
> individual patch does, for example "dbus file labelling" for patch 1
> and "Allow dbus messages" for patch 2. If you can't give such a label
> to a particular patch, that might mean that you have divided up your
> patches badly.

Yes, I will re-submit individual, disjoint patches so that each message
has a different subject. A short textual description at the beginning of
each message will summarize the aims of the patch that follows.

> >> * a detailed description of what the patch does.
> >
> > Sure. It will be done.
> >
> >> This will help facilitate review of the patches, and will help us
> >> understand the details.
> >
> > In general, the set of patches is the result of testing refpolicy on a
> > very recent generic Linux installation. It aims to fix generic issues
> > with a few essential modules while trying to use the latest refpolicy on
> > a recent unbranded Linux installation.

In general, it's just several tiny adjustments to some permissions in a
bunch of modules that I have tested. Something else might come at a
later time if I manage to test other modules or write new modules.

In the meanwhile, should you have other comments or questions to raise,
please do not hesitate to contact me.

Kind regards,

Guido