From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <46154467.7080105@manicmethod.com>
Date: Thu, 05 Apr 2007 14:48:07 -0400
From: Joshua Brindle
MIME-Version: 1.0
To: "Christopher J. PeBenito"
CC: Stephen Smalley, Karl MacMillan, Daniel J Walsh, Eric Paris, James Morris, selinux@tycho.nsa.gov
Subject: Re: secmark integration
References: <1175284031.3602.24.camel@localhost.localdomain>
 <1175286309.20396.13.camel@localhost.localdomain>
 <46111709.9060402@redhat.com>
 <1175525718.20396.46.camel@localhost.localdomain>
 <1175526952.14681.44.camel@sgc>
 <1175534120.5433.2.camel@localhost.localdomain>
 <1175707323.11382.25.camel@sgc.columbia.tresys.com>
 <1175717294.3191.2.camel@localhost.localdomain>
 <46140FCA.5020901@redhat.com>
 <1175788131.3174.4.camel@localhost.localdomain>
 <1175792799.17676.10.camel@sgc>
 <1175794800.2902.6.camel@localhost.localdomain>
 <1175795226.5711.92.camel@moss-spartans.epoch.ncsc.mil>
 <1175796134.17676.17.camel@sgc>
 <1175795963.5711.99.camel@moss-spartans.epoch.ncsc.mil>
 <1175798799.17676.19.camel@sgc>
In-Reply-To: <1175798799.17676.19.camel@sgc>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

Christopher J. PeBenito wrote:
> On Thu, 2007-04-05 at 13:59 -0400, Stephen Smalley wrote:
>
>> On Thu, 2007-04-05 at 14:02 -0400, Christopher J. PeBenito wrote:
>>
>>> On Thu, 2007-04-05 at 13:47 -0400, Stephen Smalley wrote:
>>>
>>>> On Thu, 2007-04-05 at 13:40 -0400, Karl MacMillan wrote:
>>>>
>>>>> That sounds fine to me (assuming I understand), but I thought people
>>>>> were concerned about the number of booleans.
>>>>>
>>>> We just need a per-domain subtree of booleans under /selinux/booleans ;)
>>>> /selinux/booleans/httpd_t/enable_cgi
>>>>
>>>> Speaking of which, we do want to try to go with a one file per value
>>>> approach in selinuxfs, so on the dynamic class/perm discovery work,
>>>> let's try to provide a nice directory tree form of it.
>>>>
>>> Ok, that means I get to start over. :) I was doing some final debugging
>>> on a single /selinux/class node that uses a simple transaction
>>> like /selinux/access.
>>>
>>> Just to be certain, you're asking for
>>>
>>> /selinux/class/[classname]/index
>>> /selinux/class/[classname]/[permname]
>>>
>>> where each of those just return the values?
>>>
>> Yes, doesn't that sound nicer?
>>
>
> It's fine with me, though it was just mentioned to me that we'll have
> problems if there is a future perm named index. Suggestions on what to
> call that node?
>

How about ...security? :)

It sucks to reserve something in every permission namespace for this usage, __val__ or something maybe?