SELinux Mailing List

Re: [RFC] semodule policy
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Thu, 16 Feb 2006 15:58:10 -0500
Will libsemanage be modified to set and preserve the type on the lock files? How will it obtain the correct type for the lock files in the bootstrap case where there is no file_contexts yet? It would be easier if they lived in separate subdirectories so that we could just use directory inheritance, as with the installed kernel binary policy file and the installed file_contexts file. Top-level files in /etc/selinux/$SELINUXTYPE have the same issue, like seusers and setrans.conf, if we ever want them individually typed. selinux_config_t tends to be widely readable.
> Then semodule_t would have a dir type_transition on selinux_config_t. Should the domain be semanage_t to reflect use of libsemanage, and put all three of semodule, setsebool, and semanage into it?
> As for /usr/share/selinux/$NAME/*.pp, I agree that they should have a Likely should add a new type for them. Then we can possibly create pipelines from their type to the store files via the approved programs.

--
Stephen Smalley
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Thu 16 Feb 2006 - 15:52:40 EST
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |