The attached patch (gzip compressed due to list size limits) sorts the
capabilities in alphabetical order which is also the order from the system
include files.
I used the below perl script to sort the capabilities and both inspected and
tested the result.
#!/usr/bin/perl
use strict;
while(<STDIN>)
{
if($_ =~ /capability.*{/)
{
chomp;
my @line = split /{/,$_;
my @end = split /}/,$line[1];
my $capabilities = join(' ', sort split / /,$end[0]);
print "$line[0]\{$capabilities }$end[1]\n";
}
else
{
print $_;
}
}
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: capability.diff.gz
Type: application/gzip
Size: 19488 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20170212/c0b72289/attachment-0001.bin
On 02/12/17 04:23, Russell Coker via refpolicy wrote:
> The attached patch (gzip compressed due to list size limits) sorts the
> capabilities in alphabetical order which is also the order from the system
> include files.
>
> I used the below perl script to sort the capabilities and both inspected and
> tested the result.
I'm ok with the change, but I'm not clear why you made it. If it is
what you understood from the style guide, I really need to clarify it,
since this type of alphabetical sorting isn't required.
> #!/usr/bin/perl
> use strict;
>
> while(<STDIN>)
> {
> if($_ =~ /capability.*{/)
> {
> chomp;
> my @line = split /{/,$_;
> my @end = split /}/,$line[1];
> my $capabilities = join(' ', sort split / /,$end[0]);
> print "$line[0]\{$capabilities }$end[1]\n";
> }
> else
> {
> print $_;
> }
> }
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
--
Chris PeBenito
I'm just pendant about such things.
But it does make it easier to compare policy by looking at it if things are in the same order. If you have 2 lists of capabilities and one has an extra item it can take a minute if they are in random order.
On 13 February 2017 5:58:38 am LHDT, Chris PeBenito <[email protected]> wrote:
>On 02/12/17 04:23, Russell Coker via refpolicy wrote:
>> The attached patch (gzip compressed due to list size limits) sorts
>the
>> capabilities in alphabetical order which is also the order from the
>system
>> include files.
>>
>> I used the below perl script to sort the capabilities and both
>inspected and
>> tested the result.
>
>I'm ok with the change, but I'm not clear why you made it. If it is
>what you understood from the style guide, I really need to clarify it,
>since this type of alphabetical sorting isn't required.
>
>
>> #!/usr/bin/perl
>> use strict;
>>
>> while(<STDIN>)
>> {
>> if($_ =~ /capability.*{/)
>> {
>> chomp;
>> my @line = split /{/,$_;
>> my @end = split /}/,$line[1];
>> my $capabilities = join(' ', sort split / /,$end[0]);
>> print "$line[0]\{$capabilities }$end[1]\n";
>> }
>> else
>> {
>> print $_;
>> }
>> }
>>
>>
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>
--
Sent from my Nexus 6P with K-9 Mail.
On 02/12/17 20:59, Russell Coker wrote:
> I'm just pendant about such things.
>
> But it does make it easier to compare policy by looking at it if things are in the same order. If you have 2 lists of capabilities and one has an extra item it can take a minute if they are in random order.
True, but I don't plan on enforcing that it stays that way in the style
guide, so I don't know that it's worth applying.
> On 13 February 2017 5:58:38 am LHDT, Chris PeBenito <[email protected]> wrote:
>> On 02/12/17 04:23, Russell Coker via refpolicy wrote:
>>> The attached patch (gzip compressed due to list size limits) sorts
>> the
>>> capabilities in alphabetical order which is also the order from the
>> system
>>> include files.
>>>
>>> I used the below perl script to sort the capabilities and both
>> inspected and
>>> tested the result.
>>
>> I'm ok with the change, but I'm not clear why you made it. If it is
>> what you understood from the style guide, I really need to clarify it,
>> since this type of alphabetical sorting isn't required.
>>
>>
>>> #!/usr/bin/perl
>>> use strict;
>>>
>>> while(<STDIN>)
>>> {
>>> if($_ =~ /capability.*{/)
>>> {
>>> chomp;
>>> my @line = split /{/,$_;
>>> my @end = split /}/,$line[1];
>>> my $capabilities = join(' ', sort split / /,$end[0]);
>>> print "$line[0]\{$capabilities }$end[1]\n";
>>> }
>>> else
>>> {
>>> print $_;
>>> }
>>> }
>>>
>>>
>>>
>>> _______________________________________________
>>> refpolicy mailing list
>>> refpolicy at oss.tresys.com
>>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>>
>
--
Chris PeBenito
They said the same when I first submitted a patch to remove whitespace at the end of lines. ;)
Capabilities are different from all the other object classes. There's no other object class with as many permissions that can each be usefully set independently.
On 14 February 2017 11:42:12 am LHDT, Chris PeBenito via refpolicy <[email protected]> wrote:
>On 02/12/17 20:59, Russell Coker wrote:
>> I'm just pendant about such things.
>>
>> But it does make it easier to compare policy by looking at it if
>things are in the same order. If you have 2 lists of capabilities and
>one has an extra item it can take a minute if they are in random order.
>
>True, but I don't plan on enforcing that it stays that way in the style
>
>guide, so I don't know that it's worth applying.
>
>
>> On 13 February 2017 5:58:38 am LHDT, Chris PeBenito
><[email protected]> wrote:
>>> On 02/12/17 04:23, Russell Coker via refpolicy wrote:
>>>> The attached patch (gzip compressed due to list size limits) sorts
>>> the
>>>> capabilities in alphabetical order which is also the order from the
>>> system
>>>> include files.
>>>>
>>>> I used the below perl script to sort the capabilities and both
>>> inspected and
>>>> tested the result.
>>>
>>> I'm ok with the change, but I'm not clear why you made it. If it is
>>> what you understood from the style guide, I really need to clarify
>it,
>>> since this type of alphabetical sorting isn't required.
>>>
>>>
>>>> #!/usr/bin/perl
>>>> use strict;
>>>>
>>>> while(<STDIN>)
>>>> {
>>>> if($_ =~ /capability.*{/)
>>>> {
>>>> chomp;
>>>> my @line = split /{/,$_;
>>>> my @end = split /}/,$line[1];
>>>> my $capabilities = join(' ', sort split / /,$end[0]);
>>>> print "$line[0]\{$capabilities }$end[1]\n";
>>>> }
>>>> else
>>>> {
>>>> print $_;
>>>> }
>>>> }
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> refpolicy mailing list
>>>> refpolicy at oss.tresys.com
>>>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>>>
>>
--
Sent from my Nexus 6P with K-9 Mail.
On Monday, 13 February 2017 7:42:12 PM AEDT Chris PeBenito wrote:
> On 02/12/17 20:59, Russell Coker wrote:
> > I'm just pendant about such things.
> >
> > But it does make it easier to compare policy by looking at it if things
> > are in the same order. If you have 2 lists of capabilities and one has an
> > extra item it can take a minute if they are in random order.
> True, but I don't plan on enforcing that it stays that way in the style
> guide, so I don't know that it's worth applying.
The patch I sent changes 230 instances to be alphabetically sorted. It will
take a long time for any significant portion of them to have the wrong order
by random policy changes. This is a once a decade change.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
On 02/12/17 04:23, Russell Coker via refpolicy wrote:
> The attached patch (gzip compressed due to list size limits) sorts the
> capabilities in alphabetical order which is also the order from the system
> include files.
Merged.
> I used the below perl script to sort the capabilities and both inspected and
> tested the result.
>
> #!/usr/bin/perl
> use strict;
>
> while(<STDIN>)
> {
> if($_ =~ /capability.*{/)
> {
> chomp;
> my @line = split /{/,$_;
> my @end = split /}/,$line[1];
> my $capabilities = join(' ', sort split / /,$end[0]);
> print "$line[0]\{$capabilities }$end[1]\n";
> }
> else
> {
> print $_;
> }
> }
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
--
Chris PeBenito