Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

From: Christoph Hellwig (hchat_private)
Date: Wed Apr 23 2003 - 13:20:04 PDT

  • Next message: Jan Harkes: "Re: [RFC][PATCH] Process Attribute API for Security Modules"

    On Wed, Apr 23, 2003 at 03:52:14PM -0400, Stephen Smalley wrote:
    > For many of the patched utilities, there would be no encoding of any
    > specific policy/module as long as you have a single attribute name,
    > since they are just handling the labels as strings.
    That assumes every label is a string.
    > As a side note, please keep in mind that SELinux is itself a generic
    > framework for MAC policies, provides encapsulation of security labels,
    > and allows security models and attributes to be added or removed without
    > requiring changes outside of the security policy engine, which itself is
    > an encapsulated component of the SELinux module.
    That doesn't matter at all for this question - if you have a selinux_label
    attribute you can add your different policies with string labels to
    it.  But don't mix it up with others. 
    > Not exactly.  Our patch to crond uses a generic policy API that was
    > designed to support many different security models, so it doesn't have
    > to be specific to SELinux.
    So it doesn't hardcode your xattr?  That's what I suggested..
    linux-security-module mailing list

    This archive was generated by hypermail 2b30 : Wed Apr 23 2003 - 13:20:27 PDT