Re: libselinux category patch

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joshua Brindle <jbrindle@tresys.com>
To: Darrel Goeddel <dgoeddel@TrustedCS.com>
Cc: Stephen Smalley <sds@epoch.ncsc.mil>,
	Daniel J Walsh <dwalsh@redhat.com>,
	SE Linux <selinux@tycho.nsa.gov>
Subject: Re: libselinux category patch
Date: Wed, 24 Aug 2005 10:39:40 -0400	[thread overview]
Message-ID: <430C86AC.9000202@tresys.com> (raw)
In-Reply-To: <430C8560.7090400@trustedcs.com>

Darrel Goeddel wrote:

> Stephen Smalley wrote:
>
>>> I was thinking conflicting rpm packages.  So You can not install MCS 
>>> and MLS translation libaries at the same time.
>>
>>
>>
>> Hmmm...I recall that you didn't want to take that approach for multiple
>> policies, but in that case, you were providing multiple policies in the
>> distribution itself.  As long as you don't think you will ever need to
>> support multiple translation libraries in the base distribution, then
>> conflicting packages may be ok.  Darrel, what do you think?
>
>
> I personally like just managing the symlink /lib/libsetrans.so.0 to point
> to whatever translation lib should be used.  This allows for multiple
> variations to be installed.  As pointed out earlier, the alternatives
> system could be used here.  There should be no need to have more than one
> translation scheme installed on a running system, but it may prove easier
> to allow for that case.  I think the question comes down to what is 
> easier
> for installing a system such as RHEL that may support multiple schemes 
> such as MCS and MLS.  Installing multiple policy types and switching 
> between
> them is a nice feature.  If the policies would want differing translation
> schemes, I think it should be just as easy to switch - no rpm removal 
> and installation.
>
I don't know, it seems like you will potentially have a different 
translation lib for different policies. The policy knows which it wants 
(MCS knows it'll want libsetrans-mls.so or whatever). If you have an MCS 
and an MLS policy on the same system part of the conversion shouldn't be 
changing a symlink, that is fairly hacky. This sounds like a per policy 
configuration to me. That way custom translation libs can be installed 
with the policy and the policy will use it by default.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2005-08-24 14:50 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-08-22 20:21 libselinux category patch Daniel J Walsh
2005-08-23 13:45 ` Stephen Smalley
2005-08-24 14:19   ` Darrel Goeddel
2005-08-24 14:34     ` Stephen Smalley
2005-08-23 14:06 ` Joshua Brindle
2005-08-23 14:18   ` Daniel J Walsh
2005-08-23 14:50     ` Stephen Smalley
2005-08-23 15:11       ` Daniel J Walsh
2005-08-23 16:15         ` Stephen Smalley
2005-08-24 14:34           ` Darrel Goeddel
2005-08-24 14:39             ` Joshua Brindle [this message]
2005-08-23 14:27 ` Stephen Smalley
2005-08-23 15:02   ` Daniel J Walsh
2005-08-23 15:04     ` Stephen Smalley
2005-08-24 14:48       ` Darrel Goeddel
2005-08-24 14:49         ` Stephen Smalley
2005-08-23 16:52 ` Stephen Smalley
2005-08-23 17:21   ` Stephen Smalley
2005-08-23 18:03     ` Stephen Smalley
2005-08-23 18:10       ` Stephen Smalley
2005-08-24 13:27       ` Daniel J Walsh
2005-08-24 14:13         ` Stephen Smalley
2005-08-24 14:24           ` Daniel J Walsh
2005-08-24 14:50           ` Ok I plead ignorance to the way MLS works Daniel J Walsh
2005-08-24 16:44             ` Darrel Goeddel
2005-08-24 16:56               ` Stephen Smalley
2005-08-24 17:27                 ` Daniel J Walsh
2005-08-24 17:40                   ` Stephen Smalley
2005-08-24 19:14                   ` James Morris
2005-08-24 19:36         ` libselinux category patch Stephen Smalley
2005-08-23 17:54   ` Daniel J Walsh
2005-08-25 14:19 ` Stephen Smalley
  -- strict thread matches above, loose matches on Subject: below --
2005-08-24 20:18 Chad Hanson
2005-08-25 14:56 ` Stephen Smalley
2005-08-25 20:43 Chad Hanson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=430C86AC.9000202@tresys.com \
    --to=jbrindle@tresys.com \
    --cc=dgoeddel@TrustedCS.com \
    --cc=dwalsh@redhat.com \
    --cc=sds@epoch.ncsc.mil \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.