Hi,
I think the best time for bringing back old topics is right after
release, so here it is.

On Tue, Oct 19, 2010 at 08:46:04PM +0200, Tomas Mraz wrote:
> On Tue, 2010-10-19 at 21:06 +0400, Dmitry V. Levin wrote:
> > On Tue, Oct 19, 2010 at 06:53:36PM +0200, Tomas Mraz wrote:
> > > On Tue, 2010-10-19 at 20:19 +0400, Dmitry V. Levin wrote:
> > > > On Wed, Oct 13, 2010 at 03:32:10AM +0400, Dmitry V. Levin wrote:
> > > > > On Fri, Oct 08, 2010 at 01:03:29AM +0400, Dmitry V. Levin wrote:
> > > > > > On Thu, Oct 07, 2010 at 09:21:10PM +0200, Tomas Mraz wrote:
> > > > > [...]
> > > > > > > Perhaps it would be better to store the user context somewhere when
> > > > > > > restore is called and then reuse it from this storage?
> > > > > >
> > > > > > Yes, it would be better, I'll try to reimplement it.
> > > > >
> > > > > I started to update the module to use pam_get_data/pam_set_data to manage
> > > > > this internal store instead of currently used static variables, and ended
> > > > > up with a rewrite of that part of pam_selinux.c:
> > > > >
> > > > > http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=shortlog;h=pam_s...
> > > > >
> > > > > Dmitry V. Levin (6):
> > > > > pam_selinux.c: remove redundant verbose_message()
> > > > > pam_selinux.c: strip trailing whitespaces
> > > > > pam_selinux.c: reindent
> > > > > pam_selinux.c: rewrite using pam_get_data/pam_set_data
> > > > > pam_selinux.c: add "restore" option
> > > > > pam_selinux.8.xml: update
> > > > >
> > > > > modules/pam_selinux/pam_selinux.8.xml | 111 ++-
> > > > > modules/pam_selinux/pam_selinux.c | 1079 ++++++++++++-----------
> > > > > 2 files changed, 653 insertions(+), 537 deletions(-)
> > > > >
> > > > > The most invasive commit is "rewrite using pam_get_data/pam_set_data".
> > > > > Of course I've tested these changes, but please have a look anyway.
> > > >
> > > > Well, I understand that reviewing that stuff is not a piece of cake, but
> > > > please have a look.
> > > I'd prefer if we postponed this commit either to 1.2.0 or at least 1.1.4
> > > version anyway. We should release 1.1.3 with the security fixes soon.
> >
> > OK, I understand. All I need now is to achieve an agreement on the new option
> > name (restore) and its semantics so I could start deployment without risk
> > of possible incompatibility with future pam_selinux versions.
> The semantics and the name seem to me to be OK now.

I've rebased these changes on top of the just-released 1.1.5 and pushed them to
http://git.altlinux.org/people/ldv/packages/?p=linux-pam.git;a=shortlog;h...

Dmitry V. Levin (4):
  pam_selinux.c: reindent
  pam_selinux.c: rewrite using pam_get_data/pam_set_data
  pam_selinux.c: add "restore" option
  pam_selinux.8.xml: update

 modules/pam_selinux/pam_selinux.8.xml | 111 +++--
 modules/pam_selinux/pam_selinux.c | 1076 ++++++++++++++++++---------------
 2 files changed, 656 insertions(+), 531 deletions(-)

This code has already been in production for quite a long time, so I suppose
it's stable enough and worth your time to have a look at it, finally.

--
ldv