The Future of Embedded SELinux (3)

A short summary of the heavy discussion on the main list.
Separate threads are starting to spin off, and I am about to lose track.

Discussion about booleans

How should booleans be handled on embedded devices?

Karl says:
http://marc.info/?l=selinux&m=117492730703345&w=2

What if the booleans are used to represent runtime state, for example
different security settings when a PDA is docked as opposed to undocked?
In that case there is no reasonable default and not preserving the
current values could cause serious problems.

For a mobile PDA, booleans look useful, since the device has various states.

Stephen says:
http://marc.info/?l=selinux&m=117501098428708&w=2

Ok, so what I'm hearing is that we don't need to preserve support for
local boolean and user definitions apart from managed policy. If anyone
disagrees, speak up please.

He is asking for opinions on no longer supporting local booleans anywhere other than semanage.
It seems there is a plan to drop local boolean support as a legacy feature.

Karl says:
http://marc.info/?l=selinux&m=117501148729399&w=2

I still disagree.

Local boolean support should be kept, he says.

Chris says:
http://marc.info/?l=selinux&m=117502158710311&w=2

A PDA is going to have more backed storage than RAM. I would argue that
the tunables solution is the better solution from a memory optimization
perspective. Why waste precious RAM on unused configuration rules in
conditionals, when you have roomier flash-backed storage for tunables?

I see. If you use booleans, you end up storing policy rules that are never used.
So there are cases where tunables are more useful than booleans.
That means there does seem to be a need to disable booleans.

Chris seems to think it is fine to drop local booleans.

Removing setlocaldefs will not change this behavior. Current Boolean
states will still be kept if you reload or update the policy on a
running system.

So the current boolean values are preserved when the policy is reloaded.
In that case, if the boot-time boolean values are written straight into the policy, like
boolean hogeahoge true;
(the syntax may be wrong), there should be no problem even if localdef goes away.

Stephen says:
http://marc.info/?l=selinux&m=117502167410408&w=2

> Removing setlocaldefs will not change this behavior. Current Boolean
> states will still be kept if you reload or update the policy on a
> running system.

That's true as long as at least that part of the policy loading logic is
preserved, i.e. the if (preservebools) block in selinux_mkload_policy()
in libselinux. Which calls sepol_genbools_array() and thus requires
libsepol (or a cut-down version of it). But the present load_policy
applet for busybox just calls security_load_policy() directly and won't
preserve booleans across reloads.

Hmm, so the load_policy I submitted the other day does not preserve the boolean values.

Conclusion of the boolean discussion

So, the discussion seems to have reached the following conclusion.
Stephen:
http://marc.info/?l=selinux&m=117502167410408&w=2

That's true as long as at least that part of the policy loading logic is
preserved, i.e. the if (preservebools) block in selinux_mkload_policy()
in libselinux. Which calls sepol_genbools_array() and thus requires
libsepol (or a cut-down version of it). But the present load_policy
applet for busybox just calls security_load_policy() directly and won't
preserve booleans across reloads.

Karl
http://marc.info/?l=selinux&m=117502283211932&w=2

I think that the boolean preservation is more important than the
setlocaldefs portion. So I'm not against removing that I guess.

Chris
http://marc.info/?l=selinux&m=117502395413245&w=2

> I think that the boolean preservation is more important than the
> setlocaldefs portion. So I'm not against removing that I guess.

I definitely agree on this. Not having that would be a regression.

In short: local booleans get removed from libselinux.
Then, on the load_policy applet side, they want preserve-boolean support added.
And when adding that preserve-boolean support,
they seem to think there is no need to use the full libsepol.
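One way a busybox-style load_policy could preserve booleans without pulling in libsepol is to snapshot the current values through selinuxfs before the load and re-apply them afterwards. This is an added example of that approach, not code from the thread or from busybox, and it assumes selinuxfs is mounted at /selinux, with the boolean files and commit_pending_bools as exposed by the kernel of that era.

```c
#include <dirent.h>
#include <stdio.h>
/* Added example, not code from the thread: keep boolean values across a policy
 * reload using only selinuxfs, so a busybox-style load_policy needs neither
 * libsepol nor sepol_genbools_array(). Assumes selinuxfs at /selinux (the
 * mount point of that era; on current kernels it is /sys/fs/selinux). */
#define BOOL_DIR    "/selinux/booleans"
#define COMMIT_FILE "/selinux/commit_pending_bools"
struct boolval { char name[128]; int value; };
/* A selinuxfs boolean file reads as "<current> <pending>"; return the current
 * value (0 or 1), or -1 if the text is malformed. */
int parse_bool_entry(const char *text) {
    int cur, pending;
    if (sscanf(text, "%d %d", &cur, &pending) != 2) return -1;
    return (cur == 0 || cur == 1) ? cur : -1;
}
/* Step 1, before the new policy is written to /selinux/load: snapshot every
 * boolean's current value. Returns the count, or -1 if selinuxfs is absent. */
int snapshot_booleans(struct boolval *vals, int max) {
    DIR *d = opendir(BOOL_DIR); struct dirent *e; int n = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL && n < max) {
        char path[256], buf[32]; FILE *f;
        if (e->d_name[0] == '.') continue;
        snprintf(path, sizeof path, "%s/%s", BOOL_DIR, e->d_name);
        if ((f = fopen(path, "r")) == NULL) continue;
        if (fgets(buf, sizeof buf, f) && (vals[n].value = parse_bool_entry(buf)) >= 0)
            snprintf(vals[n++].name, sizeof vals[0].name, "%s", e->d_name);
        fclose(f);
    }
    closedir(d);
    return n;
}
/* Step 2, after the load: write each saved value back as pending, then commit
 * them all at once. A boolean the new policy no longer defines has no file and
 * is skipped; booleans new to the policy keep their compiled-in default. */
int restore_booleans(const struct boolval *vals, int n) {
    char path[256]; FILE *f; int i, restored = 0;
    for (i = 0; i < n; i++) {
        snprintf(path, sizeof path, "%s/%s", BOOL_DIR, vals[i].name);
        if ((f = fopen(path, "w")) == NULL) continue;
        if (fprintf(f, "%d", vals[i].value) > 0) restored++;
        fclose(f);
    }
    if ((f = fopen(COMMIT_FILE, "w")) == NULL) return -1;
    fprintf(f, "1");
    fclose(f);
    return restored;
}
```

The load itself sits between the two steps and is exactly what security_load_policy() does: write the policy image to /selinux/load.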

A shocking statement?

http://marc.info/?l=selinux&m=117508171932024&w=2
Russell's comment.

For such things TOMOYO might be a good option. SE Linux is designed for
general purpose computers. When you get down to an embedded device with 4M
of RAM and 8M of flash that only runs three or four programs then TOMOYO may
have an advantage.

From Russell, words recommending TOMOYO Linux!