Friday, March 3, 2006

SELinux Loadable Policy Modules

A new SELinux feature which makes local SELinux policy adjustments much easier was not easy to notice
among all the complaints that SELinux is hard to use.

The `audit2allow` tool should be well-known by now:
given a snippet of the audit log, it outputs policy rules to allow all operations that are are currently prohibited.
The user is expected to add the rules to the (large) policy, recompile the policy and load it.
Finding the "right" place in the policy is not always obvious, though, and a future update of the `selinux-policy`
package might overwrite the modifications.

Now there is an alternative, very convenient especially when trying to extend the policy to handle a new daemon:
Run

> `audit2allow -M` modulename `-i` audit_log_file

This will create a binary loadable module modulename`.pp` that can be quickly loaded by

> `semodule -i` modulename`.pp`

or unloaded using

> `semodule -r` modulename

The `audit2allow` command also creates modulename`.te`, a plain-text representation of the module,
which can be edited and compiled to create a changed binary loadable module, or used as a basis for
patches to the default SELinux policy.

Thursday, February 16, 2006

Fedora Translation

[David](http://lovesunix.net/blog/?p=54), while the documentation for translators is not great,
the [Translation Project](http://fedora.redhat.com/About/Projects/translations/) pages contain enough
to get you started, and people on fedora-trans-list usually respond quite quickly.

Besides [the official status pages](http://i18n.redhat.com/cgi-bin/i18n-status) there are also
[my pages](http://carolina.mff.cuni.cz/~trmac/fedora-i18n.html), where you can download the latest `.po` files.

Sunday, January 22, 2006

The Elements of Programming Style

I have happened to notice our school library provides this book, written by [Kernighan](http://cm.bell-labs.com/cm/cs/who/bwk/) and [Plauger](http://www.plauger.com/).

I found the guidelines not as surprising as the fact that our library has a copy---the book is a classic, after all,
and often quoted. Although some of the guidelines are Fortran-specific, most of them are still valid; it was
useful to read them all in one place.

I found other aspects of the book much more interesting, though:

Wednesday, January 11, 2006

You can't please everyone

[Include Mono](https://www.redhat.com/archives/fedora-extras-list/2005-March/msg00279.html)
or [not](https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177604),
somebody will always want the opposite.

Wednesday, January 4, 2006

Ugly design tends to imply bugs

Quoting the `tcsh` manual page:

>

>
break

>
Causes execution to resume after the end of the nearest enclosing
> foreach or while.
> The remaining commands on the current line are executed. Multi-level breaks are thus possible by writing
> them all on one line.

>


"The remaining commands on the current line are executed".