From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Joshua Brindle <jbrindle@tresys.com>
Cc: Daniel J Walsh <dwalsh@redhat.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
SE Linux <selinux@tycho.nsa.gov>
Subject: Re: Policycoreutils latest diffs.
Date: Wed, 04 Jan 2006 14:03:54 -0500 [thread overview]
Message-ID: <43BC1C1A.1010203@cornell.edu> (raw)
In-Reply-To: <43BC2C0F.6050208@tresys.com>
>>
>> Speaking of overriding things, is it currently possible to override
>> the entire ethereal security module, for example?
>> Is there a modules.local? It's always been my opinion that modules
>> should be just another record type, and the fs directory should be
>> just another backend to the database...
>>
>>
> I really don't want to get into this again. Generalizing module store
> for the sake of doing so would be a tremendous waste of time. The
> policy server will allow transfering of the binary modules to machines
> over the network (with access control) so why would they ever need to
> be stored in some other medium.
Maybe so... I don't think it'd be that difficult, and I think there
would be benefits in terms of shared code and uniform interface.
Anyway, my point was uniform interface is a good thing - modules should
be less special and more like the other things.
My first question still stands, whether or not the store is generalized
- it seems potentially useful to have a modules.local folder. It
actually seems like a namespace conflict not to have one - what if I
write a module, put it in the modules folder, and then it gets
overwritten by policy when somebody makes another one with the same
name. What if I want a more restrictive version of mozilla? Or a more
relaxed one? Or I want to make a program that has a policy interoperate
with my secret 3rd party extension that I can't upstream.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2006-01-04 19:03 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-03 18:39 Policycoreutils latest diffs Daniel J Walsh
2006-01-03 17:22 ` Ivan Gyurdiev
2006-01-04 16:33 ` Ivan Gyurdiev
2006-01-04 16:40 ` Ivan Gyurdiev
2006-01-04 19:15 ` Daniel J Walsh
2006-01-04 17:31 ` Ivan Gyurdiev
2006-01-04 17:37 ` Ivan Gyurdiev
2006-01-04 19:35 ` Joshua Brindle
2006-01-04 17:38 ` Ivan Gyurdiev
2006-01-04 19:39 ` Daniel J Walsh
2006-01-04 19:41 ` Joshua Brindle
2006-01-04 18:02 ` Ivan Gyurdiev
2006-01-04 20:11 ` Joshua Brindle
2006-01-04 19:03 ` Ivan Gyurdiev [this message]
2006-01-03 18:04 ` Ivan Gyurdiev
2006-01-04 17:36 ` Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2006-02-22 18:23 policycoreutils " Daniel J Walsh
2006-02-23 14:02 ` Stephen Smalley
2006-03-08 17:29 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43BC1C1A.1010203@cornell.edu \
--to=ivg2@cornell.edu \
--cc=dwalsh@redhat.com \
--cc=jbrindle@tresys.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.