> Message: 1 > Date: 01 May 2003 15:37:30 -0400 > From: Stephen Smalley <sdsat_private> > Although there are still a number of patches that need to be merged > before the SELinux module can be merged, I'd like to go ahead and invite > comments on the SELinux security module now so that we can work on > improving it in parallel. One comment I have is that it'd be nice to improve the user-level tool that compiles security policy definitions into the file used by the SELinux security module. I freely admit that this is a different level than the security module - and can be modified separately - but it'd be nice to make the language a little simpler NOW than wait. For example, allowing null ";" definitions would make it so that whether or not something is a macro isn't relevant - from the user's point of view, it'd be nice if there was a simple rule like "everything ends in a semicolon". I sent in comments on other ways to simplify the policy language, which I'm sure you still have, e.g., renaming some things so that they were clearer. Since the policy language is the first thing that SELinux administrators have to deal with when using SELinux, it'd be nice for if language was simpler and clearer than it is now. Once you have more users, it will be harder to change the language later (too many policies will depend on the existing language). And by simplifying things, you're more likely to have more users. My apologies if you've made those changes; I haven't downloaded & tried the very latest versions. --- David A. Wheeler dwheelerat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri May 02 2003 - 13:55:09 PDT