Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRE: object class discovery userland
From: Joshua Brindle <jbrindle_at_tresys.com>
Date: Thu, 24 May 2007 20:00:07 -0400
>> Christopher J. PeBenito wrote: >>> The object manager will also have to be modified to get the new >>> class and perm values on a policy reload. >>> >> >> Sigh. Maybe we _would_ be better off hiding the numeric values from >> the caller. >> > > Maybe instead of just looking up class and permission values, > object managers should be able to give libselinux a mapping from > strings to numbers. > > For example, the X server could pass something like > > {"xwindow", 1} > > at startup time. Then libselinux would internally convert 1 > to the real class value for xwindow, keeping track of any > changes resulting from reloads. > > The object managers are all going to have to do something > like this anyway. Doing it in the library could improve > performance for AVC lookups, since the AVC entries could be > keyed off the untranslated numbers. One other thing, this seems like a nicer way to migrate existing users since they are already using static defines they can just pass in what they already have, eg:
In private_flask.h
And then:
And then change #include <flask.h> to #include "private_flask.h" and the calls don't have to be changed. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Thu 24 May 2007 - 20:01:37 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |