context_sensitivity_{get|set}

context_sensitivity_{get|set}

[Matt Anderson]

For my latest CUPS patch I needed to include code that set the
sensitivity of the spool file storing the to that of the client's
context when they queued the job.  I used context_range_get() to
retrieve the MLS range, but then had to use strtok() to get the lower bound.

Is context_sensitivity_get() or context_sensitivity_set() a function
that other consumers might need?  Should it be included in libselinux?

-matt

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Stephen Smalley]

On Thu, 2006-10-12 at 15:19 -0400, Matt Anderson wrote:
> For my latest CUPS patch I needed to include code that set the
> sensitivity of the spool file storing the to that of the client's
> context when they queued the job.  I used context_range_get() to
> retrieve the MLS range, but then had to use strtok() to get the lower bound.
> 
> Is context_sensitivity_get() or context_sensitivity_set() a function
> that other consumers might need?  Should it be included in libselinux?

Providing functions to get/set the low and high would make sense (and
newrole already has to do similar processing internally for newrole -l),
but I don't follow the function names above - do you want just the low
sensitivity (i.e. no categories) or the entire low level?  And you need
to indicate whether you are operating on the low or the high levels in
the interface.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Klaus Weidner]

On Fri, Oct 13, 2006 at 10:04:07AM -0400, Stephen Smalley wrote:
> On Thu, 2006-10-12 at 15:19 -0400, Matt Anderson wrote:
> > For my latest CUPS patch I needed to include code that set the
> > sensitivity of the spool file storing the to that of the client's
> > context when they queued the job.  I used context_range_get() to
> > retrieve the MLS range, but then had to use strtok() to get the lower bound.
> > 
> > Is context_sensitivity_get() or context_sensitivity_set() a function
> > that other consumers might need?  Should it be included in libselinux?
> 
> Providing functions to get/set the low and high would make sense (and
> newrole already has to do similar processing internally for newrole -l),
> but I don't follow the function names above - do you want just the low
> sensitivity (i.e. no categories) or the entire low level?  And you need
> to indicate whether you are operating on the low or the high levels in
> the interface.

The terminology is confusing, and it doesn't help that the LSPP document
combines the terms in creative ways. It uses "sensitivity label" and
"security level" to refer to the full set, and generally includes the
term "hierarchical" when referring to the non-category part only.

My preference would be to have separate functions for the high level,
maybe including "clearance" in the name, since that's generally
appropriate for subjects only. I'd consider it a bug to assign level
ranges to objects - they should have either a single level or be a
trusted object. I think the symmetry in the current implementation is a
bit of a distraction...

How about context_mlslevel_get/set() for objects and the effective level
of subjects, and context_mlsclearance_get/set() for the high level of
subjects?  (I'm not saying it needs to actually enforce the
subject/object distinction, people can use the clearance function to set
the high level of objects if they insist.)

-Klaus

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Paul Moore]

Klaus Weidner wrote:
> On Fri, Oct 13, 2006 at 10:04:07AM -0400, Stephen Smalley wrote:
> 
>>On Thu, 2006-10-12 at 15:19 -0400, Matt Anderson wrote:
>>
>>>For my latest CUPS patch I needed to include code that set the
>>>sensitivity of the spool file storing the to that of the client's
>>>context when they queued the job.  I used context_range_get() to
>>>retrieve the MLS range, but then had to use strtok() to get the lower bound.
>>>
>>>Is context_sensitivity_get() or context_sensitivity_set() a function
>>>that other consumers might need?  Should it be included in libselinux?
>>
>>Providing functions to get/set the low and high would make sense (and
>>newrole already has to do similar processing internally for newrole -l),
>>but I don't follow the function names above - do you want just the low
>>sensitivity (i.e. no categories) or the entire low level?  And you need
>>to indicate whether you are operating on the low or the high levels in
>>the interface.
>  
> The terminology is confusing, and it doesn't help that the LSPP document
> combines the terms in creative ways. It uses "sensitivity label" and
> "security level" to refer to the full set, and generally includes the
> term "hierarchical" when referring to the non-category part only.
> 
> My preference would be to have separate functions for the high level,
> maybe including "clearance" in the name, since that's generally
> appropriate for subjects only. I'd consider it a bug to assign level
> ranges to objects - they should have either a single level or be a
> trusted object. I think the symmetry in the current implementation is a
> bit of a distraction...
> 
> How about context_mlslevel_get/set() for objects and the effective level
> of subjects, and context_mlsclearance_get/set() for the high level of
> subjects?  (I'm not saying it needs to actually enforce the
> subject/object distinction, people can use the clearance function to set
> the high level of objects if they insist.)

I agree with Klaus about the "high" portion of the MLS label really being more
of a clearance and the "low" portion being the effective.  However, since these
new library functions would operate strictly on a context and not on the object
itself I wonder it we would be better served by sticking with the more abstract
names of context_mlslow_{get,set}() and context_mlshigh_{get,set}()?

-- 
paul moore
linux security @ hp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Matt Anderson]

Stephen Smalley wrote:
> On Thu, 2006-10-12 at 15:19 -0400, Matt Anderson wrote:
>>For my latest CUPS patch I needed to include code that set the
>>sensitivity of the spool file storing the to that of the client's
>>context when they queued the job.  I used context_range_get() to
>>retrieve the MLS range, but then had to use strtok() to get the lower bound.
>>
>>Is context_sensitivity_get() or context_sensitivity_set() a function
>>that other consumers might need?  Should it be included in libselinux?
> 
> Providing functions to get/set the low and high would make sense (and
> newrole already has to do similar processing internally for newrole -l),
> but I don't follow the function names above - do you want just the low
> sensitivity (i.e. no categories) or the entire low level?  And you need
> to indicate whether you are operating on the low or the high levels in
> the interface.
> 

I agree names are a bit confusing, I was at a loss for what to call them
myself and decided to defer to the output from secon:

# secon
user: root
role: staff_r
type: staff_t
sensitivity: SystemLow
clearance: SystemHigh
mls-range: SystemLow-SystemHigh

For my usage I need the entire low level.  There may be other users want
just the sensitivity, but I'd be concerned that information would be
unintentionally downgraded by leaving off categories.

-matt

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Paul Moore]

Paul Moore wrote:
> Klaus Weidner wrote:
> 
>>On Fri, Oct 13, 2006 at 10:04:07AM -0400, Stephen Smalley wrote:
>>
>>>Providing functions to get/set the low and high would make sense (and
>>>newrole already has to do similar processing internally for newrole -l),
>>>but I don't follow the function names above - do you want just the low
>>>sensitivity (i.e. no categories) or the entire low level?  And you need
>>>to indicate whether you are operating on the low or the high levels in
>>>the interface.
>>
>>The terminology is confusing, and it doesn't help that the LSPP document
>>combines the terms in creative ways. It uses "sensitivity label" and
>>"security level" to refer to the full set, and generally includes the
>>term "hierarchical" when referring to the non-category part only.
>>
>>My preference would be to have separate functions for the high level,
>>maybe including "clearance" in the name, since that's generally
>>appropriate for subjects only. I'd consider it a bug to assign level
>>ranges to objects - they should have either a single level or be a
>>trusted object. I think the symmetry in the current implementation is a
>>bit of a distraction...
>>
>>How about context_mlslevel_get/set() for objects and the effective level
>>of subjects, and context_mlsclearance_get/set() for the high level of
>>subjects?  (I'm not saying it needs to actually enforce the
>>subject/object distinction, people can use the clearance function to set
>>the high level of objects if they insist.)
> 
> I agree with Klaus about the "high" portion of the MLS label really being more
> of a clearance and the "low" portion being the effective.  However, since these
> new library functions would operate strictly on a context and not on the object
> itself I wonder it we would be better served by sticking with the more abstract
> names of context_mlslow_{get,set}() and context_mlshigh_{get,set}()?
> 

Ungh, sorry, but I just thought of another reason to go with the "_mlslow_" and
"_mlshigh_" naming convention ... the concept of using the lower portion of the
MLS label as the effective label and the higher portion as the clearance label
is not hardcoded into the security server, it is part of the MLS constraints in
the policy (if memory serves correctly).  With this in mind I would strongly
argue against using "effective" or "clearance" in the interface names as this
could be very confusing for application developers who decide to use the SELinux
MLS concept for something other than the standard LSPP usage case.

-- 
paul moore
linux security @ hp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Stephen Smalley]

On Fri, 2006-10-13 at 12:18 -0400, Paul Moore wrote:
> Klaus Weidner wrote:
> > On Fri, Oct 13, 2006 at 10:04:07AM -0400, Stephen Smalley wrote:
> > 
> >>On Thu, 2006-10-12 at 15:19 -0400, Matt Anderson wrote:
> >>
> >>>For my latest CUPS patch I needed to include code that set the
> >>>sensitivity of the spool file storing the to that of the client's
> >>>context when they queued the job.  I used context_range_get() to
> >>>retrieve the MLS range, but then had to use strtok() to get the lower bound.
> >>>
> >>>Is context_sensitivity_get() or context_sensitivity_set() a function
> >>>that other consumers might need?  Should it be included in libselinux?
> >>
> >>Providing functions to get/set the low and high would make sense (and
> >>newrole already has to do similar processing internally for newrole -l),
> >>but I don't follow the function names above - do you want just the low
> >>sensitivity (i.e. no categories) or the entire low level?  And you need
> >>to indicate whether you are operating on the low or the high levels in
> >>the interface.
> >  
> > The terminology is confusing, and it doesn't help that the LSPP document
> > combines the terms in creative ways. It uses "sensitivity label" and
> > "security level" to refer to the full set, and generally includes the
> > term "hierarchical" when referring to the non-category part only.
> > 
> > My preference would be to have separate functions for the high level,
> > maybe including "clearance" in the name, since that's generally
> > appropriate for subjects only. I'd consider it a bug to assign level
> > ranges to objects - they should have either a single level or be a
> > trusted object. I think the symmetry in the current implementation is a
> > bit of a distraction...
> > 
> > How about context_mlslevel_get/set() for objects and the effective level
> > of subjects, and context_mlsclearance_get/set() for the high level of
> > subjects?  (I'm not saying it needs to actually enforce the
> > subject/object distinction, people can use the clearance function to set
> > the high level of objects if they insist.)
> 
> I agree with Klaus about the "high" portion of the MLS label really being more
> of a clearance and the "low" portion being the effective.  However, since these
> new library functions would operate strictly on a context and not on the object
> itself I wonder it we would be better served by sticking with the more abstract
> names of context_mlslow_{get,set}() and context_mlshigh_{get,set}()?

Yes.  The effective/current and clearance notions are purely policy
configuration-dependent (i.e. how they are actually used in the mls
constraints); from a mechanism point of view, it is just a low level and
a high level, and subject/object contexts aren't differentiated.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Stephen Smalley]

On Fri, 2006-10-13 at 12:21 -0400, Matt Anderson wrote:
> Stephen Smalley wrote:
> > On Thu, 2006-10-12 at 15:19 -0400, Matt Anderson wrote:
> >>For my latest CUPS patch I needed to include code that set the
> >>sensitivity of the spool file storing the to that of the client's
> >>context when they queued the job.  I used context_range_get() to
> >>retrieve the MLS range, but then had to use strtok() to get the lower bound.
> >>
> >>Is context_sensitivity_get() or context_sensitivity_set() a function
> >>that other consumers might need?  Should it be included in libselinux?
> > 
> > Providing functions to get/set the low and high would make sense (and
> > newrole already has to do similar processing internally for newrole -l),
> > but I don't follow the function names above - do you want just the low
> > sensitivity (i.e. no categories) or the entire low level?  And you need
> > to indicate whether you are operating on the low or the high levels in
> > the interface.
> > 
> 
> I agree names are a bit confusing, I was at a loss for what to call them
> myself and decided to defer to the output from secon:
> 
> # secon
> user: root
> role: staff_r
> type: staff_t
> sensitivity: SystemLow
> clearance: SystemHigh
> mls-range: SystemLow-SystemHigh
> 
> For my usage I need the entire low level.  There may be other users want
> just the sensitivity, but I'd be concerned that information would be
> unintentionally downgraded by leaving off categories.

I think unfortunately secon and the audit interface were polluted by a
limited notion of the MLS model.  Proper terms are low level and high
level, not sensitivity and clearance.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Casey Schaufler]

--- Matt Anderson <mra@hp.com> wrote:


> For my usage I need the entire low level.  There may
> be other users want
> just the sensitivity, but I'd be concerned that
> information would be
> unintentionally downgraded by leaving off
> categories.

This has got to stop. Sensitivity has ALWAYS
refered to the entire sensitivity label,
heirarchical and categories combined. You
never ever deal with them seperately, in
code or in dialog. I know of exactly one
exception to this rule, and the current
project remains innocent of it. I'm not going
to be the serpent in the garden and tell
you what it is, either.

Level is the hierarchical component.
Categories or compartments describe
the non-hierarchical component.
Sensitivity is the combination of
at least those two parts.

Always.


Casey Schaufler
casey@schaufler-ca.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Klaus Weidner]

On Fri, Oct 13, 2006 at 12:26:28PM -0400, Paul Moore wrote:
> Ungh, sorry, but I just thought of another reason to go with the "_mlslow_" and
> "_mlshigh_" naming convention ... the concept of using the lower portion of the
> MLS label as the effective label and the higher portion as the clearance label
> is not hardcoded into the security server, it is part of the MLS constraints in
> the policy (if memory serves correctly).  With this in mind I would strongly
> argue against using "effective" or "clearance" in the interface names as this
> could be very confusing for application developers who decide to use the SELinux
> MLS concept for something other than the standard LSPP usage case.

I'm convinced, these names also avoid the level vs sensitivity confusion that
Casey brought up.

-Klaus

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Stephen Smalley]

On Fri, 2006-10-13 at 09:58 -0700, Casey Schaufler wrote:
> 
> --- Matt Anderson <mra@hp.com> wrote:
> 
> 
> > For my usage I need the entire low level.  There may
> > be other users want
> > just the sensitivity, but I'd be concerned that
> > information would be
> > unintentionally downgraded by leaving off
> > categories.
> 
> This has got to stop. Sensitivity has ALWAYS
> refered to the entire sensitivity label,
> heirarchical and categories combined. You
> never ever deal with them seperately, in
> code or in dialog. I know of exactly one
> exception to this rule, and the current
> project remains innocent of it. I'm not going
> to be the serpent in the garden and tell
> you what it is, either.
> 
> Level is the hierarchical component.
> Categories or compartments describe
> the non-hierarchical component.
> Sensitivity is the combination of
> at least those two parts.
> 
> Always.

No, usage is decidedly mixed.  "Security level" is often used to mean
the entire label, while "sensitivity" is often used to mean the
hierarchical component only (and this fits more with the natural
language meaning of sensitivity).  Look around a bit.

In any event, in SELinux, each context has a MLS range consisting of a
low level and a high level (reduced to a single level when they are
equal), and each level consists of a sensitivity value and an optional
category set.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Casey Schaufler]

--- Stephen Smalley <sds@tycho.nsa.gov> wrote:


> No, usage is decidedly mixed.  "Security level" is
> often used to mean
> the entire label, while "sensitivity" is often used
> to mean the
> hierarchical component only (and this fits more with
> the natural
> language meaning of sensitivity).  Look around a
> bit.

Bah. (waves paw).

> In any event, in SELinux, each context has a MLS
> range consisting of a
> low level and a high level (reduced to a single
> level when they are
> equal), and each level consists of a sensitivity
> value and an optional
> category set.

Then your use of the terms is inconsistant
with historical practice and will contribute
to the overall confusion.

Kids.



Casey Schaufler
casey@schaufler-ca.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Stephen Smalley]

On Fri, 2006-10-13 at 12:43 -0700, Casey Schaufler wrote:
> 
> --- Stephen Smalley <sds@tycho.nsa.gov> wrote:
> 
> 
> > No, usage is decidedly mixed.  "Security level" is
> > often used to mean
> > the entire label, while "sensitivity" is often used
> > to mean the
> > hierarchical component only (and this fits more with
> > the natural
> > language meaning of sensitivity).  Look around a
> > bit.
> 
> Bah. (waves paw).
> 
> > In any event, in SELinux, each context has a MLS
> > range consisting of a
> > low level and a high level (reduced to a single
> > level when they are
> > equal), and each level consists of a sensitivity
> > value and an optional
> > category set.
> 
> Then your use of the terms is inconsistant
> with historical practice and will contribute
> to the overall confusion.

>From the TCSEC glossary:
	"Security Level - The combination of a hierarchical classification and
a set of non-hierarchical categories that represents the sensitivity of
information."

>From Bell and LaPadula's Secure Computer Systems:  Unified Exposition
and Multics Interpretation:
	"A total security designation is a pair:
		(classification, set of categories).
	 Such a pair we call a "security level.""

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Linda Knippers]

Stephen Smalley wrote:
> On Fri, 2006-10-13 at 12:21 -0400, Matt Anderson wrote:
> 
>>I agree names are a bit confusing, I was at a loss for what to call them
>>myself and decided to defer to the output from secon:
>>
>># secon
>>user: root
>>role: staff_r
>>type: staff_t
>>sensitivity: SystemLow
>>clearance: SystemHigh
>>mls-range: SystemLow-SystemHigh
>>
>>For my usage I need the entire low level.  There may be other users want
>>just the sensitivity, but I'd be concerned that information would be
>>unintentionally downgraded by leaving off categories.
> 
> 
> I think unfortunately secon and the audit interface were polluted by a
> limited notion of the MLS model.  Proper terms are low level and high
> level, not sensitivity and clearance.

Is it too late to clean up these tools?  With audit, is it just changing
the names of the parameters in some of the user space tools?

-- ljk


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Stephen Smalley]

On Fri, 2006-10-13 at 16:36 -0400, Linda Knippers wrote:
> Stephen Smalley wrote:
> > On Fri, 2006-10-13 at 12:21 -0400, Matt Anderson wrote:
> > 
> >>I agree names are a bit confusing, I was at a loss for what to call them
> >>myself and decided to defer to the output from secon:
> >>
> >># secon
> >>user: root
> >>role: staff_r
> >>type: staff_t
> >>sensitivity: SystemLow
> >>clearance: SystemHigh
> >>mls-range: SystemLow-SystemHigh
> >>
> >>For my usage I need the entire low level.  There may be other users want
> >>just the sensitivity, but I'd be concerned that information would be
> >>unintentionally downgraded by leaving off categories.
> > 
> > 
> > I think unfortunately secon and the audit interface were polluted by a
> > limited notion of the MLS model.  Proper terms are low level and high
> > level, not sensitivity and clearance.
> 
> Is it too late to clean up these tools?  With audit, is it just changing
> the names of the parameters in some of the user space tools?

Also affects the kernel definitions (include/linux/audit.h), if you want
consistent naming all the way down.  Not sure it is worth it.
At present, audit uses sensitivity/clearance to talk about the subject
low/high levels, but refers to the object levels as just low/high.

Also, likely need to distinguish here between the interface we present
to users versus the application interfaces.  I suppose audit and secon
could ultimately support some kind of per-policy configuration for
naming the label components in a way that matches the user expectations
for that policy.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Casey Schaufler]

--- Stephen Smalley <sds@tycho.nsa.gov> wrote:

> >From the TCSEC glossary:
> 	"Security Level - The combination of a hierarchical
> classification and
> a set of non-hierarchical categories that represents
> the sensitivity of
> information."
> 
> >From Bell and LaPadula's Secure Computer Systems: 
> Unified Exposition
> and Multics Interpretation:
> 	"A total security designation is a pair:
> 		(classification, set of categories).
> 	 Such a pair we call a "security level.""

>From FIPS188:

security label - A marking bound to a resource
(which may be a data unit) that names or
designates the security attributes of that
resource [2].

security level - A hierarchical indicator of
the degree of sensitivity to a certain threat.
It implies, according to the security policy
being enforced, a specific level of protection.


>From Telecom Glossary 2K
( http://www.atis.org/tg2k/_security_label.html )

security label: Information representing the
sensitivity of a subject or object, such as its
hierarchical classification ("confidential," "secret,"
"top secret") together with any applicable
nonhierarchical security categories (e.g., sensitive
compartmented information, critical nuclear weapon
design information).
[INFOSEC-99] Synonym security classification. 


I suppose that we could throw quotes at each
other all day and in the end neither would
convince the other.

In the Unix MLS world everyone calls the
hierarchical part the level and the whole
thing the label. It is entirely possible
that such usage is incorrect.

Well, call it what you will. I gave it my shot.


Casey Schaufler
casey@schaufler-ca.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: context_sensitivity_{get|set}

[Joe Nall]

On Oct 13, 2006, at 4:38 PM, Casey Schaufler wrote:


>
> In the Unix MLS world everyone calls the
> hierarchical part the level and the whole
> thing the label. It is entirely possible
> that such usage is incorrect.

That has been my conversational experience, however the HP  
(Secureware) header has this fugly construction (C++ didn't like this  
any more than the similar issue in avc.h I reported earlier). The cat  
array was dynamically sized with post struct padding.

typedef struct mand_ir {
         class_ir_t      class;
         mask_t          cat[1];
}  mand_ir_t;


joe

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.