SELinux Mailing List

Re: [RFC & PATCH] inherited type definition.

From: Luke Kenneth Casson Leighton <lkcl_at_lkcl.net>
Date: Thu, 24 Mar 2005 11:06:34 +0000


On Wed, Mar 23, 2005 at 05:17:57PM +0900, Kaigai Kohei wrote:

 kaigai,

 i love it. i see where it's going.

 i just don't get it yet.

 :)

> Hi,
>
> The attached (3rd) patch implements TYPEEXTENDS statement in addition
> to the latest patch. Because TYPE ... EXTENDS statements can not handle
> forwarding lookup, TYPEEXTENDS statement is necessary to represent
> inheritance-relationship not to depend on the definition placement.
>
> TYPEEXTENDS <type-name> EXTENDS <type/attr>, <type/attr>, ... ;
>
> (*) <type-name> and <type/attr> must have been defined.
> This is almost the same as TYPEATTRIBUTE.

> # Access Samba shares.
> -allow smbd_t samba_share_t:dir create_dir_perms;
> -allow smbd_t samba_share_t:file create_file_perms;
> +attribute samba_share_path;
> +allow smbd_t samba_share_path:dir {getattr search};
> +allow smbd_t @samba_share_t:dir create_dir_perms;
> +allow smbd_t @samba_share_t:file create_file_perms;
>
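
Review bot: The two `@samba_share_t` rules at the end of this hunk use an `@` prefix that nothing in the hunk documents. If it expands to `samba_share_t` plus every type that extends it, each later `type ... extends samba_share_t` gives `smbd_t` the full `create_dir_perms` and `create_file_perms` on the new type without any new allow rule appearing in the Samba policy. Please add a comment above these rules stating what `@` expands to, and a comment on `attribute samba_share_path;` saying which types are expected to carry it, since the `{getattr search}` rule applies to every type tagged with that attribute.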

> o And, private additional configuration is as follows:
> --- /dev/null 2005-03-22 18:46:01.562514976 -0500
> +++ policy.kaigai/inaddition.te 2005-03-23 04:06:49.576548144 -0500
> @@ -0,0 +1,7 @@
> +# necessity for access path
> +typeattribute var_t ftp_content_path, samba_share_path;
> +typeattribute httpd_sys_content_t ftp_content_path, samba_share_path;
> +# definition of unified file type
> +type httpd_ftp_t extends httpd_sys_content_t, ftp_content_t;
> +type httpd_samba_t extends httpd_sys_content_t, samba_share_t;
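
Review bot: `typeattribute var_t ftp_content_path, samba_share_path;` is justified only by `# necessity for access path`, which does not say which domains gain access to `var_t` directories as a result; with the Samba rule quoted earlier in this message, `smbd_t` gets `getattr` and `search` there. Suggest expanding the comment to name the domains and permissions involved. On the `httpd_ftp_t` and `httpd_samba_t` lines, if `extends` means inheriting the parents' rules, say explicitly that files of these types are meant to be reachable by both services. The hunk header announces seven added lines while six are shown, so one line appears to have been trimmed in quoting.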

 ... what's the difference between attribute and typeattribute?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Thu 24 Mar 2005 - 05:57:00 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service