SELinux Mailing List

RE: object class discovery userland

From: Joshua Brindle <jbrindle_at_tresys.com>
Date: Thu, 24 May 2007 20:00:07 -0400


Eamon Walsh wrote:
> Eamon Walsh wrote:
>> Christopher J. PeBenito wrote:
>>> The object manager will also have to be modified to get the new
>>> class and perm values on a policy reload.
>>>
>>
>> Sigh.  Maybe we _would_ be better off hiding the numeric values from
>> the caller.
>>
>
> Maybe instead of just looking up class and permission values,
> object managers should be able to give libselinux a mapping from
> strings to numbers.
>
> For example, the X server could pass something like
>
> {"xwindow", 1}
>
> at startup time. Then libselinux would internally convert 1
> to the real class value for xwindow, keeping track of any
> changes resulting from reloads.
>
> The object managers are all going to have to do something
> like this anyway. Doing it in the library could improve
> performance for AVC lookups, since the AVC entries could be
> keyed off the untranslated numbers.

One other thing: this seems like a nicer way to migrate existing users. Since they are already using static defines, they can just pass in what they already have, e.g.:

In private_flask.h
#define SECCLASS_WINDOW 32

And then:
{"xwindow", SECCLASS_WINDOW}

And then change #include <flask.h> to #include "private_flask.h" and the calls don't have to be changed.

Received on Thu 24 May 2007 - 20:01:37 EDT
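
The mapping discussed in this thread, as an added example that is not part of the original message and is not libselinux code: a self-contained C model in which the object manager registers its existing static define once and the library re-resolves it on each policy reload. The function names, the `class_entry` type and both sample policies are hypothetical and constructed for illustration.

```c
/* Model of the proposed mapping; no libselinux calls, all names hypothetical. */
#include <stdio.h>
#include <string.h>

struct class_entry { const char *name; unsigned short value; };

/* Constructed policies: a reload inserts a class and shifts xwindow. */
static const struct class_entry policy_v1[] = { {"file", 6}, {"xwindow", 32}, {NULL, 0} };
static const struct class_entry policy_v2[] = { {"file", 6}, {"xclient", 32}, {"xwindow", 33}, {NULL, 0} };

/* The object manager's existing static define, handed over at startup. */
#define SECCLASS_WINDOW 32
static const struct class_entry om_map[] = { {"xwindow", SECCLASS_WINDOW}, {NULL, 0} };
#define MAX_PRIVATE 64
static unsigned short real_value[MAX_PRIVATE]; /* private -> policy value */

/* Find a class in the loaded policy; 0 means it is not defined. */
static unsigned short policy_lookup(const struct class_entry *pol, const char *name)
{
    for (; pol->name; pol++)
        if (strcmp(pol->name, name) == 0)
            return pol->value;
    return 0;
}

/* Run at startup and on every reload; -1 if any mapped class cannot be resolved. */
int map_resolve(const struct class_entry *map, const struct class_entry *pol)
{
    int rc = 0;
    memset(real_value, 0, sizeof(real_value));
    for (; map->name; map++) {
        if (map->value == 0 || map->value >= MAX_PRIVATE) { rc = -1; continue; }
        real_value[map->value] = policy_lookup(pol, map->name);
        if (real_value[map->value] == 0) rc = -1;
    }
    return rc;
}

/* Translate the caller's unchanged number to the current policy value. */
unsigned short map_class(unsigned short priv) { return priv < MAX_PRIVATE ? real_value[priv] : 0; }

int main(void)
{
    map_resolve(om_map, policy_v1);
    printf("before reload: %u\n", (unsigned)map_class(SECCLASS_WINDOW));
    map_resolve(om_map, policy_v2);
    printf("after reload: %u\n", (unsigned)map_class(SECCLASS_WINDOW));
    return 0;
}
```

In this model the static define happens to match the first policy and silently goes stale after the reload, while the translated value follows the policy; a class missing from the policy resolves to 0 so the caller can fail closed.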
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service