On 7/16/2019 4:13 PM, Paul Moore wrote:
On Tue, Jul 16, 2019 at 6:18 PM Casey Schaufler
<casey(a)schaufler-ca.com> wrote:
> It sounds as if some variant of the Hideous format:
>
> subj=selinux='a:b:c:d',apparmor='z'
> subj=selinux/a:b:c:d/apparmor/z
> subj=(selinux)a:b:c:d/(apparmor)z
>
> would meet Steve's searchability requirements, but with significant
> parsing performance penalties.
I think "hideous format" sums it up nicely. Whatever we choose here
we are likely going to be stuck with for some time and I'm near to
100% that multiplexing the labels onto a single field is going to be a
disaster.
If the requirement is that subj= be searchable I don't see much of
an alternative to a Hideous format. If we can get past that, and say
that all subj_* have to be searchable we can avoid that set of issues.
Instead of:
s = strstr(source, "subj=")
search_after_subj(s, ...);
we have
s = source
for (i = 0; i < lsm_slots ; i++) {
s = strstr(s, "subj_")
if (!s)
break;
s = search_after_subj_(s, lsm_slot_name[i], ...)
}
There's enough ugly to go around either way.
And I'm not partial to either approach, but do would very
much like to get the code done so I can get on to the next
set of amazing challenges.
Oh, and I don't want to pick on subj= as obj= has the exact same issues.