Re: [PATCH] Dynamic port labeling V2

[Russell Coker]

On Fri, 4 Dec 2009, Joshua Brindle <method@xxxxxxxxxxxxxxx> wrote:
> Aside from the conversation Dave and Casey are having I still think this
> isn't quite right. First, while you can atomically change a single port
> label with the add command above you can't atomically change multiple
> entries, which I think is completely necessary (you don't want to have
> strange labeling states when changing a set of ports to a new label.

Why is it necessary to change multiple ports at the same time?

We support atomic changes of multiple booleans at the same time due to 
possible interactions between them.  But I don't think that we have any such 
issues with port contexts.

> Also, while having a text parser in the kernel makes it easier to use
> with echo I think it is alot of code in the kernel for no good reason.
> There is no reason not to make a userspace tool that converts the
> textual representation into a serialized struct and feed it to the
> kernel. We typically tell users not to mess around in /selinux anyway,
> since we have a libselinux interface to do that.

It does seem likely that significant code complexity can be avoided by not 
having a plain text interface in this case.

-- 
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/          My Main Blog
http://doc.coker.com.au/           My Documents Blog
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/