Title   : Firewall Builder Compiler Manifest File
Author  : Vadim Zaliva <lord@crocodile.org>
Revision: 1.1
Status  : Proposal
==================================================

Rationale
---------

Firewall builder allows users to develop their own policy compilers
and installation scripts. Compilers and installation scripts are
developed by different people. Same policy compiler might have many
installation scripts and same installation script might be used with
different policy compilers.

Manifest file provides a way for install script to tell what files are
produced by policy compiler.

Also, this manifest file will be used to transmit files to remote
machine and to install them there using remote install script.

Requirements
-------------

All policy compilers compatible with FirewallBuilder must support '-m'
option followed by file name. Upon successful policy compiler
execution this file must contain "manifest" data in format described
in this document. If file happen to exist, it must be overwritten.

All policy compilers compatible with FirewallBuilder must support '-m'
option followed by file name. This file will contain infromation
produced by compiler in "manifest" format.

Format
-------

File is ASCII text with character 0x0A used as line delimiter.  Each
line consists of following fields delimited by spaces:

0. Action
1. Filename
2. Action-specific parameters

Action tells compiler how file could be installed. There is no strict
list actions. Policy compiler and install script developers could add
new actions, as long as it supported by compiler and install script
both.

File name is name of the file generated by compiler. It could be
configuration file, shell script, etc.

Action arguments contain information passed to action. Their format is
not specified, except the fact that it can contain macros, in shell
like format. Install script will resolve these macros to values
prior to processing action.

Example of manifest file:

SH policy.fw 0 
COPY hosts ${ETC}/hosts 255 ${ETC}/hosts.bak

Actions
-------

Here are some basic actions:

1. COPY
Parameters: destination, permissions, backup_file_name

2. RUN
Parameters: uid

3. RUN_CHROOT
Parameters: uid, root


Macros:
-------

Here are few basic macros:

1. ETC  - location of system /etc directory
2. TMP  - location of system temporary directory
3. FQHN - host name with domain


Implementation:
---------------

Each action is implemented as shell script or executable command
localted in special directory. Only commands located in this directory
are executed. User can write new commands and add them to the
directory.

It is responsibility of each command to enfores security
restrictions. For example implementation of COPY command might have
configuration file which specify what files and directories it is
allowed to write to and what files permissions should be.


