On 11/4/07, Pavel Machek <[EMAIL PROTECTED]> wrote: > Hi! > > > > Still to come: > > > > > > - Final cleanup of smack_load_write and smack_cipso_write. > > > > Hi All, > > > > After agreeing with Casey on the "load" input grammar yesterday, here's > > the final grammar and its parser (which needs more testing): > > > > A Smack Rule in an "egrep" format is: > > > > "^[:space:]*Subject[:space:]+Object[:space:]+[rwxaRWXA-]+[:space:]*\n" > > > > where Subject/Object strings are in the form: > > > > "^[^/[:space:][:cntrl:]]{1,SMK_MAXLEN}$" > > Can we avoid string parsers in the kernel? >
I've suggested that at first, but (hoping not to misquote Al) Al viro said that the parsing is simple enough and no need exists for a user-space utility. > > > +static inline int isblank(char c) > > +{ > > + return (c == ' ' || c == '\t'); > > +} > > This sounds like enough for 'NAK'. > Would you please show the reason for the NAK so I can modify the code ? Thank you, > Pavel, > who still thinks smack rules should be parsed > in userspace and compiled into selinux rules... > -- Ahmed S. Darwish Homepage: http://darwish.07.googlepages.com Blog: http://darwish-07.blogspot.com - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html