[patch] Add SELinux mediation on sender -> service context, add unlabeled context

Havoc Pennington hp at redhat.com
Sat Nov 20 09:05:50 PST 2004


Hi,

A general thing that would help me understand the patch would be to
update the docs (especially the selinux and <associate> sections in the
man page). I have to admit I'm a bit confused keeping track of all this,
especially how it interacts with normal dbus policies. If you're going
to explain it to me you may as well do so by writing the man page
patch ;-)

Also, isn't there any way we can get unit test coverage on this selinux
stuff? I know it's a bit hard since it has dependencies on how the
system is set up, but it seems like at minimum we should be able to
create fake/stub selinux calls that are used during the unit test
process, so we know that the rest of the code is right. Use "make check-
coverage" to see where coverage stands. After running it, decode-gcov
foo.c should show annotated coverage of foo.c and there's a coverage-
report.txt with the overall coverage.

Havoc




More information about the dbus mailing list