The beginning of a new era: Exclusive SELinux Livejournal Action

Feb 09, 2009 00:07

From now on (probably), my livejournal shall consist of my notes on and observations of Security Enhanced Linux, that wonderful and terrible Linux security module.

On with the revolution!

My first observation has mostly to do with SELinux, but also to do with Emacs. I wrote a module to confine a user (testing, testing) and it uses the userdom_unpriv_user_template() macro, which gives the specified user standard regular user permissions, including login from ssh and local and all other sorts of good stuff I don't understand yet. Now, this macro is expanded by the M4 macro processor native to all Linux machines. I have nothing against this macro processor, as it does its job as well as a macro processor might, but attempting to read the resulting expanded file is difficult because it is 90% useless comments and blank space, with the actual content obscured by awful spacing. Not only that, but the resulting file doesn't compile (in my experience)--it doesn't include Flask classes it needs to know about (such as...files). So I had to modify my module to include practically every single Flask class and their permissions. I'm not wholly opposed to having to include all of these things by hand (and will probably write a macro to do this for me anyway), but using a macro should not result in a file not compiling. The macro should take care of itself; it's an abstraction barrier I shouldn't have to break. The macro sort of missed its point in this case, but oh well.

As for Emacs, I was trying to reduce the fluff in the expanded file so that I could read and understand it better, and I wanted to replace all instances of:
#line 52
with the empty string, thus removing all 5 bajillion of those useless lines. But, how to tell Emacs to include the newline character in its to-replace string? Mystery of mysteries! Turns out that it's C-q C-j, according to the Internet. Thank you Internet! For once, you've come through.
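The two chores described above, stripping the `#line` markers from the M4-expanded file and listing the object classes and permissions a module needs to declare, can also be scripted. This is an added example, not code from the original post; the function names are hypothetical, the sample policy text is constructed, and it assumes one access vector rule per line.

```python
import re
from collections import defaultdict

# Constructed sample of M4-expanded policy text (not from the original post).
SAMPLE = """#line 52

allow testing_t user_home_t:file { read write };
#line 52


allow testing_t user_home_t:dir search;
#line 60
allow testing_t self:{ file dir } getattr;
"""

LINE_MARKER = re.compile(r"^#line\b")
# <kind> <source> <target>:<class or { classes }> <perm or { perms }>;
AV_RULE = re.compile(
    r"^\s*(?:allow|auditallow|dontaudit|neverallow)\s+[^:;]+:\s*"
    r"(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;")

def strip_markers(text):
    """Drop '#line N' lines and collapse runs of blank lines to one."""
    out = []
    for line in text.splitlines():
        if LINE_MARKER.match(line):
            continue
        if not line.strip() and (not out or not out[-1].strip()):
            continue
        out.append(line.rstrip())
    return "\n".join(out).strip() + "\n"

def collect_classes(text):
    """Map each object class to the permissions used on it in AV rules."""
    classes = defaultdict(set)
    for line in text.splitlines():
        m = AV_RULE.match(line)
        if m:
            for cls in m.group(1).strip("{} ").split():
                classes[cls].update(m.group(2).strip("{} ").split())
    return classes

def require_block(classes):
    """Render a require { class ... } block listing what the rules use."""
    body = "".join(f"\tclass {c} {{ {' '.join(sorted(p))} }};\n"
                   for c, p in sorted(classes.items()))
    return "require {\n" + body + "}\n"
```

Listing only the classes and permissions the rules actually reference keeps the declaration reviewable, which matters when the point of the module is to confine a user.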
