On Wed, Apr 23, 2003 at 03:52:14PM -0400, Stephen Smalley wrote:
> For many of the patched utilities, there would be no encoding of any
> specific policy/module as long as you have a single attribute name,
> since they are just handling the labels as strings.
That assumes every label is a string.
> As a side note, please keep in mind that SELinux is itself a generic
> framework for MAC policies, provides encapsulation of security labels,
> and allows security models and attributes to be added or removed without
> requiring changes outside of the security policy engine, which itself is
> an encapsulated component of the SELinux module.
That doesn't matter at all for this question - if you have a selinux_label
attribute you can add your different policies with string labels to
it. But don't mix it up with others.
> Not exactly. Our patch to crond uses a generic policy API that was
> designed to support many different security models, so it doesn't have
> to be specific to SELinux.
So it doesn't hardcode your xattr? That's what I suggested..
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Apr 23 2003 - 22:00:38 EST