From: dwalsh@redhat.com (Daniel J Walsh)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] I think we made a large mistake when we designed apache_content_template.
Date: Wed, 23 Oct 2013 15:44:01 -0400
Message-ID: <52682701.6030900@redhat.com>
In-Reply-To: <1382557103.3041.120.camel@d30>
On 10/23/2013 03:38 PM, Dominick Grift wrote:
> On Wed, 2013-10-23 at 13:57 -0400, Daniel J Walsh wrote:
>> type httpd_$1_content_t; # customizable;
>
>>
>> Then tools can look for all content which begins bugzilla and have the
>> correct types drawn.
>
> How about one teaches one's tool to use seinfo and sesearch instead?
>
> Depending on the policy model it might not even be an issue to label files
> with process type (although it does not make sense to do it)
>
> But it's just a property of the policy you are using
>
> People might have a policy implemented that has different properties, and a
> meaningful tool would have the ability to determine characteristics no
> matter what the policy's properties are
>
>
Well we do have some tooling that understands seinfo and sesearch.
But the ability for xyz_t to write to abc_file_t and xyz_file_t are probably
two different concepts. By convention it is more likely that we would want to
have a man page generated mentioning the relationship between xyz_t process
type and xyz_file_t, but ignore abc_file_t, or at least treat it as a second
class relationship.
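The naming convention discussed in this message (a process type xyz_t paired with file types that share its xyz_ prefix), as an added example that is not part of the original message or of any refpolicy tooling: it splits the file types a domain can write into same-prefix and other types. The rule lines are constructed in the textual form sesearch prints for allow rules, and the function names are hypothetical.

```python
import re

# Constructed sample rules (not taken from a real policy).
SAMPLE_RULES = """\
allow xyz_t xyz_file_t:file { create getattr open read write };
allow xyz_t xyz_log_t:file { append open write };
allow xyz_t abc_file_t:file { getattr open read write };
allow xyz_t etc_t:file { getattr open read };
allow xyz_t abc_file_t:dir search;
allow xyz_t xyz_t:file { read write };
"""

# allow <source> <target>:<class> { perm ... };   or   ... <perm>;
RULE_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")
WRITE_PERMS = {"write", "append", "create"}


def parse_allow(line):
    """Return (source, target, class, perms) for an allow rule, else None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    source, target, tclass, perm_set, single = m.groups()
    return source, target, tclass, set((perm_set or single).split())


def classify_writes(rules_text, domain):
    """Split file types `domain` may write into those sharing its name
    prefix (first class) and all others (second class)."""
    stem = domain[:-2] if domain.endswith("_t") else domain
    prefix = stem + "_"
    first, second = set(), set()
    for line in rules_text.splitlines():
        rule = parse_allow(line)
        if rule is None:
            continue
        source, target, tclass, perms = rule
        if source != domain or target == domain or tclass != "file":
            continue  # other domains, the domain's own type, non-file classes
        if not perms & WRITE_PERMS:
            continue  # read-only access is not a write relationship
        (first if target.startswith(prefix) else second).add(target)
    return sorted(first), sorted(second)


if __name__ == "__main__":
    primary, secondary = classify_writes(SAMPLE_RULES, "xyz_t")
    print("first class: ", primary)
    print("second class:", secondary)
```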