* [ANN] SELinux kernel project page
@ 2007-05-11 22:14 James Morris
2007-05-11 22:54 ` Serge E. Hallyn
2007-05-11 23:06 ` Karl MacMillan
0 siblings, 2 replies; 7+ messages in thread
From: James Morris @ 2007-05-11 22:14 UTC (permalink / raw)
To: selinux
FYI,
If you're involved in any kind of SELinux kernel development, you may be
interested in the recently created wiki page:
http://selinuxproject.org/page/Kernel_Development
This is where we'll be keeping track of todo items and various kernel
related issues.
Please feel free to edit the page yourself (wiki accounts may be obtained
by emailing Karl MacMillan <kmacmill@redhat.com>).
At some point, we may migrate this to a Trac system, although that may be
something to consider more widely for the SELinux project in general.
- James
--
James Morris
<jmorris@namei.org>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [ANN] SELinux kernel project page
2007-05-11 22:14 [ANN] SELinux kernel project page James Morris
@ 2007-05-11 22:54 ` Serge E. Hallyn
2007-05-11 23:06 ` Karl MacMillan
1 sibling, 0 replies; 7+ messages in thread
From: Serge E. Hallyn @ 2007-05-11 22:54 UTC (permalink / raw)
To: James Morris; +Cc: selinux
Quoting James Morris (jmorris@namei.org):
> FYI,
>
> If you're involved in any kind of SELinux kernel development, you may be
> interested in the recently created wiki page:
>
> http://selinuxproject.org/page/Kernel_Development
one item is
* Support for kernel namespaces
Did anyone have some idea of what we might want to add? My thought was
that the policy server work would pretty much cover the desired extensions -
so I create a type called 'vserver1', and give vserver1.admin the rights
to create subtypes of vserver1 and administer it's policy, subject to
vserver1's rights.
Maybe someone wanted to add object types for each namespace type, with
'unshare', 'view', and perhaps (though unlikely) 'enter' permissions?
Finally checkpointing seems safely covered by ptrace, and kill by, well,
kill...
-serge
> This is where we'll be keeping track of todo items and various kernel
> related issues.
>
> Please feel free to edit the page yourself (wiki accounts may be obtained
> by emailing Karl MacMillan <kmacmill@redhat.com>).
>
> At some point, we may migrate this to a Trac system, although that may be
> something to consider more widely for the SELinux project in general.
>
>
> - James
> --
> James Morris
> <jmorris@namei.org>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 7+ messages in thread* Re: [ANN] SELinux kernel project page
2007-05-11 22:14 [ANN] SELinux kernel project page James Morris
2007-05-11 22:54 ` Serge E. Hallyn
@ 2007-05-11 23:06 ` Karl MacMillan
2007-05-15 9:33 ` non-standard filesystem support in SELinux Keith Holder
1 sibling, 1 reply; 7+ messages in thread
From: Karl MacMillan @ 2007-05-11 23:06 UTC (permalink / raw)
To: James Morris; +Cc: selinux
On Fri, 2007-05-11 at 18:14 -0400, James Morris wrote:
> FYI,
>
> If you're involved in any kind of SELinux kernel development, you may be
> interested in the recently created wiki page:
>
> http://selinuxproject.org/page/Kernel_Development
>
> This is where we'll be keeping track of todo items and various kernel
> related issues.
>
Eventually we would like to move all of the current selinux project web
pages to this wiki (the selinux.sf.net pages). Unfortunately no one has
had time to work on this recently - if you would like to help please let
me know (on list or privately).
> Please feel free to edit the page yourself (wiki accounts may be obtained
> by emailing Karl MacMillan <kmacmill@redhat.com>).
>
Not just me - any of the selinux maintainers: Josh Brindle, Darrell
Goedel, Steve Smalley, or James Morris.
> At some point, we may migrate this to a Trac system, although that may be
> something to consider more widely for the SELinux project in general.
>
It's not clear to me that Trac would be more useful than the current
svn, bug tracker, and wiki, but I could be wrong.
Karl
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 7+ messages in thread
* non-standard filesystem support in SELinux
2007-05-11 23:06 ` Karl MacMillan
@ 2007-05-15 9:33 ` Keith Holder
2007-05-15 11:14 ` Joshua Brindle
0 siblings, 1 reply; 7+ messages in thread
From: Keith Holder @ 2007-05-15 9:33 UTC (permalink / raw)
To: selinux
A quick question on loadable policy modules.
Are there any plans to allow 3rd party filesystem support,
without having to edit/recompile the base policy module?
keith
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: non-standard filesystem support in SELinux
2007-05-15 9:33 ` non-standard filesystem support in SELinux Keith Holder
@ 2007-05-15 11:14 ` Joshua Brindle
2007-05-15 11:22 ` Keith Holder
0 siblings, 1 reply; 7+ messages in thread
From: Joshua Brindle @ 2007-05-15 11:14 UTC (permalink / raw)
To: Keith Holder; +Cc: selinux
Keith Holder wrote:
>
> A quick question on loadable policy modules.
>
> Are there any plans to allow 3rd party filesystem support,
> without having to edit/recompile the base policy module?
>
> keith
I don't think we've ever thought about it, it seems like something that
is very uncommon. I suppose its something we could do when we rewrite
the compiler to use the new representation but it won't be high on the
list of priorities. To be clear, what kind of support are you looking
for? fs_use_* support or genfs support?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: non-standard filesystem support in SELinux
2007-05-15 11:14 ` Joshua Brindle
@ 2007-05-15 11:22 ` Keith Holder
2007-05-15 11:34 ` Joshua Brindle
0 siblings, 1 reply; 7+ messages in thread
From: Keith Holder @ 2007-05-15 11:22 UTC (permalink / raw)
To: Joshua Brindle; +Cc: selinux
Joshua Brindle wrote:
> Keith Holder wrote:
>>
>> A quick question on loadable policy modules.
>>
>> Are there any plans to allow 3rd party filesystem support,
>> without having to edit/recompile the base policy module?
>>
>> keith
>
> I don't think we've ever thought about it, it seems like something that
> is very uncommon. I suppose its something we could do when we rewrite
> the compiler to use the new representation but it won't be high on the
> list of priorities. To be clear, what kind of support are you looking
> for? fs_use_* support or genfs support?
Mostly fs_use_* so that the filesystem, mount points and
underlying files don't end up with the unlabeled_t type as
the default.
keith
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: non-standard filesystem support in SELinux
2007-05-15 11:22 ` Keith Holder
@ 2007-05-15 11:34 ` Joshua Brindle
0 siblings, 0 replies; 7+ messages in thread
From: Joshua Brindle @ 2007-05-15 11:34 UTC (permalink / raw)
To: Keith Holder; +Cc: selinux
Keith Holder wrote:
> Joshua Brindle wrote:
>> Keith Holder wrote:
>>>
>>> A quick question on loadable policy modules.
>>>
>>> Are there any plans to allow 3rd party filesystem support,
>>> without having to edit/recompile the base policy module?
>>>
>>> keith
>>
>> I don't think we've ever thought about it, it seems like something
>> that is very uncommon. I suppose its something we could do when we
>> rewrite the compiler to use the new representation but it won't be
>> high on the list of priorities. To be clear, what kind of support are
>> you looking for? fs_use_* support or genfs support?
>
> Mostly fs_use_* so that the filesystem, mount points and
> underlying files don't end up with the unlabeled_t type as
> the default.
>
Is there a reason you can't use the context mount option to label the
mountpoint and its underlying files?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2007-05-15 11:34 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-05-11 22:14 [ANN] SELinux kernel project page James Morris
2007-05-11 22:54 ` Serge E. Hallyn
2007-05-11 23:06 ` Karl MacMillan
2007-05-15 9:33 ` non-standard filesystem support in SELinux Keith Holder
2007-05-15 11:14 ` Joshua Brindle
2007-05-15 11:22 ` Keith Holder
2007-05-15 11:34 ` Joshua Brindle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.