Re: Upstream first policy

From: Alan Cox
Date: Mon Mar 08 2010 - 14:19:05 EST

Next message: Al Viro: "Re: Upstream first policy"
Previous message: Cengiz GÃnay: "Re: sata_nv times out for BD-ROM iHOS104-08"
In reply to: Linus Torvalds: "Re: Upstream first policy"
Next in thread: Linus Torvalds: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> always worked. I don't even understand why you have that crazy "either or"
> mentality to begin with. Why?
>
> It's not "either pathname or inode". I'm saying _both_ make sense.

SELinux uses both. Things like "I put a file in my public_html directory"
are a good example.

Its object based in the sense that the origin of the data might matter
(eg 'no app which opens the credit card db creates a file httpd can send')

Its path based in the sense that public_html has a path based meaning by
convention understood by httpd. Copy a jpeg into your public_html and it
will be labelled up for http access under the Fedora shipped rule sets.

Alan

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Al Viro: "Re: Upstream first policy"
Previous message: Cengiz GÃnay: "Re: sata_nv times out for BD-ROM iHOS104-08"
In reply to: Linus Torvalds: "Re: Upstream first policy"
Next in thread: Linus Torvalds: "Re: Upstream first policy"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]