From mboxrd@z Thu Jan 1 00:00:00 1970 From: Casey Schaufler Subject: Re: [RFC][PATCH -v2] Smack: Integrate with Audit Date: Wed, 12 Mar 2008 11:09:39 -0700 (PDT) Message-ID: <423839.91626.qm@web36615.mail.mud.yahoo.com> References: <20080312164358.GA9540@ubuntu> Reply-To: casey@schaufler-ca.com Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Return-path: In-Reply-To: <20080312164358.GA9540@ubuntu> Sender: linux-security-module-owner@vger.kernel.org To: "Ahmed S. Darwish" , Stephen Smalley Cc: casey@schaufler-ca.com, Andrew Morton , James Morris , Paul Moore , LKML , LSM-ML , Audit-ML , Steve Grubb List-Id: linux-audit@redhat.com --- "Ahmed S. Darwish" wrote: > > > Perhaps I misunderstand, but Smack labels don't represent users (i.e. > > user identity) in any way, so it seemed like a mismatch to use the _USER > > flag there. Whereas types in SELinux bear some similarity to Smack > > labels - simple unstructured names whose meaning is only defined by the > > policy rules. > > > > I think Casey meant the common use of Smack where a login program > (openssh, bin/login, ..) sets a label for each user that logs in, thus > letting each label effectively representing a user. No, I really just don't care which name gets used because none of them map properly but I don't see value in adding a new one. I say _USER is fine. I dislike _TYPE because it implies structure that isn't there and I dislike _ROLE because someone may want to implement roles on top of Smack (it wouldn't be hard) and don't want to start using that term for a specific meaning that might give 'em fits. > > In a sense, smack labels share a bit of _USER and _TYPE. And maybe _ROLE, if you look at it from the right angle. I don't think that it matters. Create a new _LATEFORDINNER if that makes y'all feel better. Best of all would be to stick with _USER and call it done. Thank you. Casey Schaufler casey@schaufler-ca.com