-
-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
selinux_settings: New table that presents effective SELinux settings #6118
selinux_settings: New table that presents effective SELinux settings #6118
Conversation
a7b1276
to
347f8ee
Compare
b35803a
to
92635ee
Compare
ea1ee70
to
90b6d32
Compare
e98fd90
to
cf0e49d
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall this looks good, the only change requested is to add more context to the column descriptions.
specs/linux/selinux_settings.table
Outdated
table_name("selinux_settings") | ||
description("Track active SELinux settings.") | ||
schema([ | ||
Column("scope", TEXT, "Scope", index=True), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add more context to the three column descriptions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the review! This is mostly a key/value property bag, so I'm not sure what kind of descriptions I could use instead of the current ones. Have you got any suggestion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try to describe what the term "scope" means to me, assume I know nothing about SELinux. If there are only 3 types of scopes perhaps you can list them in the description.
specs/linux/selinux_settings.table
Outdated
table_name("selinux_settings") | ||
description("Track active SELinux settings.") | ||
schema([ | ||
Column("scope", TEXT, "Scope", index=True), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try to describe what the term "scope" means to me, assume I know nothing about SELinux. If there are only 3 types of scopes perhaps you can list them in the description.
specs/linux/selinux_settings.table
Outdated
description("Track active SELinux settings.") | ||
schema([ | ||
Column("scope", TEXT, "Scope", index=True), | ||
Column("key", TEXT, "Key", index=True), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Key is the name of an SELinux setting, where do these come from, are they well-known or will they be different per system, per kernel version, etc. Try to describe what to expect.
specs/linux/selinux_settings.table
Outdated
schema([ | ||
Column("scope", TEXT, "Scope", index=True), | ||
Column("key", TEXT, "Key", index=True), | ||
Column("value", TEXT, "Value"), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Elaborating on what to expect for the value is helpful, for example "boolean values are either on or off"
The code that was originally directly implemented inside the `mounts` table has been moved outside so that it can be reused by the selinux_settings table. This also updates the code to use getmntent_r instead of getmntent.
cf0e49d
to
a111090
Compare
Example output