On Wed, 23 Apr 2003 12:15:17 PDT, Chris Wright <chrisat_private> said: > * Andreas Dilger (adilgerat_private) wrote: > > The only reason to use a common "system.security" is if the actual data > > stored therein was usable by more than a single security module. > > Or, as mentioned, if you care to print out the label with standard > fileutils. The requirement that things like ls, find, cp and so on know where to look for these things trumps any "purity of labels" arguments. In addition, a case can be made that different modules *should* use the same name - because that way when you're re-labelling a file system for a new security module, you can actually *detect* old crufty conflicting labels added by some previous module. "Warning: file %s was already labelled with attribute %s" If you do as Chris suggests, you can't implement this in a clean manner.
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 12:28:22 PDT