On Wed, Apr 23, 2003 at 03:52:14PM -0400, Stephen Smalley wrote: > For many of the patched utilities, there would be no encoding of any > specific policy/module as long as you have a single attribute name, > since they are just handling the labels as strings. That assumes every label is a string. > As a side note, please keep in mind that SELinux is itself a generic > framework for MAC policies, provides encapsulation of security labels, > and allows security models and attributes to be added or removed without > requiring changes outside of the security policy engine, which itself is > an encapsulated component of the SELinux module. That doesn't matter at all for this question - if you have a selinux_label attribute you can add your different policies with string labels to it. But don't mix it up with others. > Not exactly. Our patch to crond uses a generic policy API that was > designed to support many different security models, so it doesn't have > to be specific to SELinux. So it doesn't hardcode your xattr? That's what I suggested.. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 13:20:27 PDT