Skip to content

Implement -context #540

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Implement -context #540

wants to merge 6 commits into from

Conversation

fu050409
Copy link

@fu050409 fu050409 commented Apr 26, 2025
edited
Loading

Closes #375

To avoid using C bindings, I wrote the detection logic for SELinux in Rust by referring to libselinux, and used xattr crate to capture the SELinux extension for matching during the matching stage. xattr only supported on unix platforms so it was marked as [target.'cfg(target_os = "linux")'.dependencies].

I'm still looking for a suitable way to write the test.

@codecov Codecov
Copy link

codecov bot commented Apr 26, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 1.06383% with 93 lines in your changes missing coverage. Please review.

Project coverage is 86.53%. Comparing base (e5f7dae) to head (1527504).

Files with missing lines Patch % Lines
src/find/matchers/context.rs 0.00% 88 Missing ⚠️
src/find/matchers/mod.rs 16.66% 5 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #540      +/-   ##
==========================================
- Coverage   87.69%   86.53%   -1.17%     
==========================================
  Files          31       32       +1     
  Lines        6893     6987      +94     
  Branches      324      340      +16     
==========================================
+ Hits         6045     6046       +1     
- Misses        617      710      +93     
  Partials      231      231

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@fu050409 fu050409 force-pushed the feat/implement-context branch from 908a6ac to 8006d1d Compare April 26, 2025 12:24
@sylvestre
Copy link
Contributor

sylvestre commented Apr 26, 2025
edited
Loading

looks like you missed my comment here: #375 (comment) :(

@sylvestre
Copy link
Contributor

https://github.com/uutils/coreutils/blob/main/src/uucore/src/lib/features/selinux.rs i have been working on this and to use it on findutils

also, there is that crate https://codeberg.org/koutheir/selinux
Sorry you wasted your time :(

@fu050409
Copy link
Author

looks like you missed my comment here: #375 (comment) :(

@sylvestre I feel so sorry that GitHub doesn't seem to have pushed this comment to me correctly🥺, I didn't realize you had done some work on it and I didn't deliberately ignore your efforts.

@fu050409
Copy link
Author

fu050409 commented Apr 26, 2025
edited
Loading

also, there is that crate https://codeberg.org/koutheir/selinux Sorry you wasted your time :(

I noticed the crate as well, but I personally don't think we should try to use more c bindings in findutils, it might be more appropriate to use more pure Rust code. What do you think?

@sylvestre
Copy link
Contributor

@fu050409 i am not sure TBH. I like that crates are providing some abstractions.
In the meantime, if we could remove the dependency on a library, that would be ideal

@koutheir what is your take on this if you have one ? :)

@koutheir
Copy link

koutheir commented May 9, 2025

I noticed the crate as well, but I personally don't think we should try to use more c bindings in findutils, it might be more appropriate to use more pure Rust code. What do you think?

Short answer: either (1) use the selinux crate, or (2) move this implementation-dependent logic into its own crate.

Looking at the code, I see multiple hard-coded paths, constants, and logic, all relative to the current implementation details of SELinux; details that could change anytime in subtle ways that could break this Rust implementation. It seems like bad design to me to have that non-trivial amount of logic inside this program. In my opinion, that logic belongs inside a dedicated crate that abstracts it away from this program. Now of course, I prefer that logic to be written in Rust too, but for the moment, such a crate doesn't exist, as far as I know. The closest thing to it is a Rust crate (selinux/selinux-sys) that calls into the official C implementation (libselinux) in order to perform all that logic. On one hand, this implies that using that crate will pull two more Rust crates and one more C shared library as dependencies, but on the other hand, we are not introducing a dependency that is not already in the original C implementation of this program.

Full disclosure: I'm the maintainer of the selinux and selinux-sys crates.

@sylvestre sylvestre force-pushed the feat/implement-context branch from 1527504 to d4e084f Compare May 11, 2025 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement -context
3 participants
@fu050409 @sylvestre @koutheir