From: Paul Moore <paul.moore@hp.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov, jmorris@namei.org
Subject: Re: [RFC 3/4] SELinux: extract the NetLabel SELinux support from the security server
Date: Thu, 1 Mar 2007 08:27:12 -0500 [thread overview]
Message-ID: <200703010827.13528.paul.moore@hp.com> (raw)
In-Reply-To: <1172753556.19041.560.camel@moss-spartans.epoch.ncsc.mil>
On Thursday 01 March 2007 7:52:36 am Stephen Smalley wrote:
> On Thu, 2007-03-01 at 07:40 -0500, Stephen Smalley wrote:
> > On Wed, 2007-02-28 at 15:14 -0500, Paul Moore wrote:
> > > plain text document attachment (selinux-isolate_netlabel)
> > > Up until this patch the functions which have provided NetLabel support
> > > to SELinux have been integrated into the SELinux security server, which
> > > for various reasons is not really ideal. This patch makes an effort to
> > > extract as much of the NetLabel support from the security server as
> > > possibile and move it into it's own file within the SELinux directory
> > > structure.
> >
> > Thanks, this looks much better, and helps keep the security server
> > interface as an abstract security interface. Is there any reason you
> > didn't also move security_skb_extlbl_sid() out from the security server?
> > It seems to be a lingering case where the security server directly acts
> > on a kernel object rather than a security abstraction.
>
> It isn't NetLabel-specific, but appears that it could easily just be a
> helper function in hooks.c itself.
That is why I didn't move it, I was focusing on the NetLabel specific bits.
However, I agree, it probably would make more sense to move that out to
hooks.c.
I'll throw together another patch and send it out later today.
--
paul moore
linux security @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-03-01 13:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-28 20:14 [RFC 0/4] NetLabel fixups/cleanups Paul Moore
2007-02-28 20:14 ` [RFC 1/4] NetLabel: cleanup and document CIPSO constants Paul Moore
2007-02-28 20:14 ` [RFC 2/4] NetLabel: convert a BUG_ON in the CIPSO code to a runtime check Paul Moore
2007-02-28 20:14 ` [RFC 3/4] SELinux: extract the NetLabel SELinux support from the security server Paul Moore
2007-03-01 12:40 ` Stephen Smalley
2007-03-01 12:52 ` Stephen Smalley
2007-03-01 13:27 ` Paul Moore [this message]
2007-02-28 20:14 ` [RFC 4/4] SELinux: rename selinux_netlabel.h to netlabel.h Paul Moore
2007-02-28 21:09 ` [RFC 0/4] NetLabel fixups/cleanups James Morris
2007-02-28 21:36 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200703010827.13528.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=jmorris@namei.org \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.