Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: [SEPOL] Remove defrole from sepol
From: Ivan Gyurdiev <ivg2_at_cornell.edu>
Date: Wed, 23 Nov 2005 15:22:32 -0500
>>>> I'm starting to question the need for this interface at all... it's
>>>> Genhomedircon encapsulates an implementation detail of user/seuser > > this is the reason semanage_user, etc are opaque. you can add a field > and accessor to it without interupting anything else. Therefore you > should just export a new piece of data from whatever type needs it, > and if something else is needed later the same thing can be done.Speaking of which... this doesn't work as nicely as you say. Semantically this default role/labeling prefix thing belongs in the user record, and not anywhere else. There's no reason for making a new record for "auxiliary data". It's keyed on the user, because it should be in the user record. The only reason I'm considering adding a new record type, is because the policydb backend does not support marking which role is default, and writing functions like iterate() over two different backends simultaneously (file for defrole, policy for other info) is just wrong.... it's an implementation-driven interface, and not the other way around, which I don't like. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 23 Nov 2005 - 15:16:06 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |