From: russell@coker.com.au (Russell Coker)
Date: Mon, 29 Sep 2008 12:50:22 +1000
Subject: [refpolicy] policy_module() vs file name
Message-ID: <200809291250.24425.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Currently we have a standard practice (as implemented in about 99% of all modules) of having the name passed to the policy_module() macro be the same as the basename of the policy source file minus the ".te" extension. For example, the file policy/modules/system/getty.te contains "policy_module(getty,1.6.0)".

We currently have some exceptions to this rule: iscsi.te (module name iscsid) and audioentropy.te (module name audio_entropy).

It seems to me that having the build system permit this (as is currently the case) is just asking for trouble. It allows the creation of a policy whereby it can be unreasonably difficult for a human (and impossible for a script) to determine which .pp file is the origin of a module.

The minimal solution to this would be to have the build system refuse to build such a module. To avoid problems in the short term we need to change the policy_module lines in iscsi.te and audioentropy.te (I've done that in my tree).

If someone is looking for something to work on, then a "make check" target for the policy which checks for a variety of silly things of this calibre would be a good idea. Something that people who do serious policy work could run as a nightly cron job.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
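As an added illustration (not code from the post or from refpolicy's own build system), the following script implements the check the post asks for: it walks a policy/modules tree, reads the policy_module() name out of each .te file, and reports any that differ from the file's basename minus ".te". The regular expression, function names and the sample module contents used to exercise it are assumptions of this example; the optional version argument is accepted so that a bare policy_module(name) also passes.

```python
"""Check that each .te file's policy_module() name matches its basename."""
import os
import re
import sys

# Matches "policy_module(getty,1.6.0)" or "policy_module(getty, 1.6.0)".
# The version argument is optional so a bare module name is accepted too.
POLICY_MODULE_RE = re.compile(r"^\s*policy_module\(\s*([\w.-]+)\s*(?:,|\))",
                              re.MULTILINE)


def module_name_from_source(text):
    """Return the first policy_module() name declared in .te source, or None."""
    match = POLICY_MODULE_RE.search(text)
    return match.group(1) if match else None


def expected_module_name(path):
    """The name implied by the file name: basename minus the .te suffix."""
    base = os.path.basename(path)
    return base[:-3] if base.endswith(".te") else base


def check_module(path, text):
    """Return None if the declared name matches the file name, else a message."""
    declared = module_name_from_source(text)
    expected = expected_module_name(path)
    if declared is None:
        return "%s: no policy_module() declaration found" % path
    if declared != expected:
        return "%s: policy_module(%s) does not match file name (expected %s)" % (
            path, declared, expected)
    return None


def scan_tree(root):
    """Walk a policy/modules tree and collect every mismatch as a message."""
    problems = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".te"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    msg = check_module(path, fh.read())
                if msg:
                    problems.append(msg)
    return problems


if __name__ == "__main__":
    # Usage: python check_module_names.py policy/modules (exit 1 on mismatch)
    issues = scan_tree(sys.argv[1] if len(sys.argv) > 1 else "policy/modules")
    for issue in issues:
        print(issue)
    sys.exit(1 if issues else 0)
```

Wiring scan_tree into a "make check" target gives the build a non-zero exit on any mismatch, which is what turns the convention into something the build system enforces.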