On Fri, Oct 27, 2017 at 07:38:39AM -0700, Peter wrote: > On 10/27/2017 07:36 AM, Petr Lautrbach wrote: > > On Fri, Oct 27, 2017 at 07:02:54AM -0700, Peter wrote: > > > Thanks, I think this is good start. > > > > > > I think what we'd want to do is write up a feature page. Using > > > https://github.com/cockpit-project/cockpit/wiki/Feature-template > > > > > > That will help us finish the user stories and design. > > > > I'll rewrite it into the template. Should I create a new page or do you > > want read and review it somewhere first and then move it to > > https://github.com/cockpit-project/cockpit/wiki/ ? > > > > Starting a new page on the wiki is fine. We can all edit it there.
So the page is here https://github.com/cockpit-project/cockpit/wiki/Feature:-Manage-SELinux-policy There are 2 stories of 2 personas which I think describe expected usage. I'm not sure how to describe Workflows but in Prior Art it's documented as it is now. > > > > > > I do have some concerns about the dbus api. If it's just a wrapper around > > > semanage and we still need to parse the output. What are the advantages of > > > calling it instead of just running the semanage commands directly from > > > cockpit. > > > > As dbus interface was split from policycoreutils in recent SELinux > > Userspace release 2.7, it could be rewritten so that it would use > > libsemanage > > bindings instead of semanage command. But it's not even on the plan yet so > > pure > > speculation. > > > > Currently there's no advantage. It's listed as a possibility as > > DBUS interface seems to be preferred and for the purpose of the feature > > it should be sufficient. > > > > Thanks, > > > > Petr > > > > > On 10/27/2017 05:35 AM, Petr Lautrbach wrote: > > > > Hi, > > > > > > > > there's already an epic in trello related to Improved SELinux > > > > troubleshooting and Management [1]. There seems to be missing a > > > > user story for SELinux management so I put together a document which > > > > should cover basic SELinux local policy management using either semanage > > > > command or org.selinux DBUS interface: > > > > > > > > https://plautrba.fedorapeople.org/manage-local-selinux-policy-in-cockpit.html > > > > > > > > I'd like to ask you for a review and comments if it makes sense and for > > > > help with design for this effort when there's an agreement > > > > > > > > [1] > > > > https://trello.com/c/WiFrlt4C/381-epic-improved-selinux-troubleshooting-and-management > > > > > > > > Thanks, > > > > > > > > Petr > > > > _______________________________________________ > > > > cockpit-devel mailing list -- [email protected] > > > > To unsubscribe send an email to > > > > [email protected] > > > > > > > _______________________________________________ > > > cockpit-devel mailing list -- [email protected] > > > To unsubscribe send an email to [email protected] > > _______________________________________________ > > cockpit-devel mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > > _______________________________________________ > cockpit-devel mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ cockpit-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
