From: guido@trentalancia.com (Guido Trentalancia) Date: Wed, 09 Mar 2011 15:41:43 +0100 Subject: [refpolicy] [PATCH 13/34]: patch to allow networkmanager dbus chat In-Reply-To: References: <1297836836.3205.56.camel@tesla.lan> <4D651B7A.4010100@tresys.com> <1298487030.29671.20.camel@tesla.lan> <4D74E408.2050501@tresys.com> <1299517796.2978.41.camel@tesla.lan> <4D7533E5.9050806@tresys.com> <1299533995.2967.23.camel@tesla.lan> <1e2c5493-fd5d-4770-8bfe-fb0b0ad05234@email.android.com> <1299664151.1680.11.camel@tesla.lan> Message-ID: <1299681703.2948.42.camel@tesla.lan> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 09/03/2011 at 22.23 +1100, Russell Coker wrote: > >> >It's just something very simple. A make target which runs ps axZ (as > >> >sysadm) and compares a few very basic things: > >> > > >> >- if init has properly transitioned to its context (apparently at > >the > >> >moment no one cares if it hasn't, which is quite worrying as > >everything > >> > >> I am working on test VMs for Debian now and plan to do such things. > > > >Excellent. What do you mean for VMs ? In any case if you have time to > >do > > I am going to setup virtual machines for testing different configurtions. > > >it then please try to do something which applies to everybody and can > >then be customized for Debian > > For domain transitions it is mostly a matter of having a cron job or nagios entry that searches for wrong entries such as processes in kernel_t or initrc_t. What's wrong with just a "make check" target in refpolicy ? There is major limitation with this: reboot and/or restarting of services required. In the simple solution that I was thinking of, this limitation could be documented and printed out: echo $limitation ; sleep 10 ; carry out basic sanity checks. It's still better than nothing. And the idea of developing more advanced tests with time sounds quite attractive to me. > >> You shoud configure your phone to send through a smart host. I am > >going to run such a server for SE testing, contact me off list for an > >account. > > > >Yes, of course if I change my SMTP server... But most people are not > >bothered of doing that. I think the idea behind stuff such as barracuda > >is good but unfortunately it does not be apply very well to the case of > >dynamically assigned addresses. > > Blocking dynamic addresses is a standard practice. Everyone who is capable of doing free software development is capable of configuring their MUA. Personally I would never do that outside of my home because I would not be able to afford the risk of loosing something at work. Filtering based on message content and other patterns sounds more reliable to me. And they are not proprietary/commercial solutions: I have control over that. > >I had to reply on the list in any case because of the other issues. > >Perhaps you can send me an account off-list... The same thing happened > >with your address Russell. > > Ok That's very kind of you. Cheers. Guido