Re: [RFC] Dynamic discover of object classes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joshua Brindle <jbrindle@tresys.com>
To: James Morris <jmorris@namei.org>
Cc: Chad Sellers <csellers@tresys.com>, selinux@tycho.nsa.gov
Subject: Re: [RFC] Dynamic discover of object classes
Date: Tue, 18 Oct 2005 09:12:59 -0400	[thread overview]
Message-ID: <4354F4DB.5000805@tresys.com> (raw)
In-Reply-To: <Pine.LNX.4.63.0510171649190.24028@excalibur.intercode>

James Morris wrote:
> On Mon, 17 Oct 2005, Chad Sellers wrote:
> 
> 
>>We would like to begin implementing option 1, as this seems to be the 
>>cleanest.  Any feedback would be appreciated.
> 
> 
> selinuxfs sounds cleaner.  There's no guarantee that there will be a 
> binary policy on disk.
> 
> Also, what about some form of namespace separation for different object 
> managers?
> 
> 
> - James

The class namespace supports the dot notation, though there is no 
hierarchy definition in that namespace. That would allow all the X 
classes to be X.<something>. This would give the additional advantage of 
being able to label all the X classes with the same type using policycon 
(for the policy server).

The policy server already uses the dot notation to seperate all of its 
object classes (policy.type, policy.user and so on).

Joshua

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2005-10-18 13:15 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-10-17 17:28 [RFC] Dynamic discover of object classes Chad Sellers
2005-10-17 20:51 ` James Morris
2005-10-18 13:12   ` Joshua Brindle [this message]
2006-08-14 19:24 ` Chad Sellers
2006-08-14 19:59   ` Karl MacMillan
2006-08-14 20:29     ` Stephen Smalley
2006-08-14 20:40     ` Chad Sellers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4354F4DB.5000805@tresys.com \
    --to=jbrindle@tresys.com \
    --cc=csellers@tresys.com \
    --cc=jmorris@namei.org \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.