From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from jazzhorn.ncsc.mil (mummy.ncsc.mil [144.51.88.129])
	by tycho.ncsc.mil (8.12.8/8.12.8) with ESMTP id j0CI7jIi017550
	for ; Wed, 12 Jan 2005 13:07:45 -0500 (EST)
Received: from open.hands.com (jazzhorn.ncsc.mil [144.51.5.9])
	by jazzhorn.ncsc.mil (8.12.10/8.12.10) with ESMTP id j0CI5m8I007775
	for ; Wed, 12 Jan 2005 18:05:49 GMT
Date: Wed, 12 Jan 2005 18:18:14 +0000
From: Luke Kenneth Casson Leighton
To: Stephen Smalley
Cc: Ivan Gyurdiev, SELinux@tycho.nsa.gov
Subject: Re: Multiple contexts
Message-ID: <20050112181814.GD26175@lkcl.net>
References: <1105390249.8093.21.camel@cobra.ivg2.net>
	<20050110232312.GI6967@lkcl.net>
	<1105474191.20566.134.camel@moss-spartans.epoch.ncsc.mil>
	<20050111214818.GE26175@lkcl.net>
	<1105538449.22495.8.camel@moss-spartans.epoch.ncsc.mil>
	<20050112144411.GZ26175@lkcl.net>
	<1105542047.22495.69.camel@moss-spartans.epoch.ncsc.mil>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <1105542047.22495.69.camel@moss-spartans.epoch.ncsc.mil>
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On Wed, Jan 12, 2005 at 10:00:47AM -0500, Stephen Smalley wrote:
> On Wed, 2005-01-12 at 09:44, Luke Kenneth Casson Leighton wrote:
> > ... how about encoding the file attributes in the policy files,
> > such that they are ACL-like?
>
> I don't follow your line of thinking.

sorry. something simple: i am thinking along the lines of
more than one file context being associated with a file -
that sort of thing.

and permission being checked and allowed on either of the contexts.

in this way, someone can keep the default policy made for apache
(both the .te and the .fc file) and can also create their own
home-grown policy.

the issue of creating a special "samba_apache_file_type_t" and
deviating from two sets of standard policy files does seem...
somewhat archaic.

l.