From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Pusyk-0007YS-9Q for garchives@archives.gentoo.org; Wed, 02 Mar 2011 20:49:05 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1D6FE1C074; Wed, 2 Mar 2011 20:48:25 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id E11821C074 for ; Wed, 2 Mar 2011 20:48:24 +0000 (UTC) Received: from pelican.gentoo.org (unknown [66.219.59.40]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 6F6761B405F for ; Wed, 2 Mar 2011 20:48:24 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by pelican.gentoo.org (Postfix) with ESMTP id CC7C88006A for ; Wed, 2 Mar 2011 20:48:23 +0000 (UTC) From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <381ff168558a6cdf10b1f0112e068e7e266dfdba.SwifT@gentoo> Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/selinux/ X-VCS-Repository: proj/hardened-docs X-VCS-Files: xml/selinux/hb-using-policymodules.xml X-VCS-Directories: xml/selinux/ X-VCS-Committer: SwifT X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: 381ff168558a6cdf10b1f0112e068e7e266dfdba Date: Wed, 2 Mar 2011 20:48:23 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 145ee5d7ebed80847d0d852e1b383d47 commit: 381ff168558a6cdf10b1f0112e068e7e266dfdba Author: Sven Vermeulen siphos be> AuthorDate: Wed Mar 2 20:42:37 2011 +0000 Commit: Sven Vermeulen siphos be> CommitDate: Wed Mar 2 20:42:37 2011 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=3Dproj/hardened-docs= .git;a=3Dcommit;h=3D381ff168 Improve information on reference policy writing a bit --- xml/selinux/hb-using-policymodules.xml | 15 +++++++++++---- 1 files changed, 11 insertions(+), 4 deletions(-) diff --git a/xml/selinux/hb-using-policymodules.xml b/xml/selinux/hb-usin= g-policymodules.xml index f716e5d..c27df36 100644 --- a/xml/selinux/hb-using-policymodules.xml +++ b/xml/selinux/hb-using-policymodules.xml @@ -7,8 +7,8 @@ =20 -0 -2010-12-01 +1 +2011-03-02 =20
Writing Simple Policies @@ -218,8 +218,15 @@ This interface allows other modules to use the mozilla_read_user_home_files function if they want their domain t= o be able to (in this case) read the files in the mozilla_home_t domain. Of c= ourse, they can add all statements inside their own definition, but then they w= ould -have to require that the mozilla module is loaded or known. Instead, dev= elopers -can optionally call an interface. +have to require that the mozilla module is loaded, which might be a wron= g +assumption, and duplicate the same allow statements for each application= . +The use of interfaces makes policy development easier. +

+ +

+Also, the reference policy allows the use of optional statements: +a module can call an interface of another module, but this may not fail = if +the other module is not available on a users' system.

=20