Re: Newrole in targeted mode

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jaspreet Singh <jsingh@ensim.com>
To: kwade@redhat.com, Matthew Leinhos <leinhos@lamar.colostate.edu>
Cc: nsa <SELinux@tycho.nsa.gov>
Subject: Re: Newrole in targeted mode
Date: Mon, 03 Jan 2005 10:41:56 +0530	[thread overview]
Message-ID: <1104729116.8446.9.camel@jsingh> (raw)
In-Reply-To: <1104665427.9831.13.camel@erato.phig.org>

Hi,
Thanx matthew and karsten ...

> Everything runs in unconfined_t unless there is a transition specified
> to go to the new domain.  This transition is specified for only a small
> number of daemons.
> Other things are simplified.  In the targeted policy, there are fewer
> rules overall, fewer file contexts, and so forth.

Ok, I realized that after seeing the sources for target and strict
policies... 

> Because processes at all levels, whether spawned by init or a user, run
> in the unconfined_t domain, the role has no meaning.  AIUI, a user does
> not need an elevated role for what they do.

I understand that .. But does the system makes *any* assumptions about
the target or strict policies ??

I mean .. does the system distinguish between target and strict
policies ??? If I am not wrong the system just want some basic security
classes in place which are same for target and strict policies.

So, i can just borrow code from strict policy to add more domains and
roles to target policy.

I am right ??

And Also how can i make the selinux understand a policy tree
*intermediate* under /etc/selinux/  and load policy from there ....

> - Karsten
Thanx and Regards,
Jaspreet
-- 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2005-01-03  5:11 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-12-28 18:42 Newrole in targeted mode Nick Gray
2004-12-28 18:50 ` Stephen Smalley
2004-12-30  6:37   ` Jaspreet Singh
2005-01-01 22:20     ` Matthew Leinhos
2005-01-02 11:30     ` Karsten Wade
2005-01-03  5:11       ` Jaspreet Singh [this message]
2005-01-03 14:14         ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1104729116.8446.9.camel@jsingh \
    --to=jsingh@ensim.com \
    --cc=SELinux@tycho.nsa.gov \
    --cc=kwade@redhat.com \
    --cc=leinhos@lamar.colostate.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.