RE: file contexts and modularity


> > Does switching policies require changing the file contexts?
> > I typically use strict policy, so I'm not sure...
> > I suppose this file could be re-generated?
> > 
> 
> Yes - the two policies could potentially have no types in common.

So the file would be regenerated when switching policies.
You have to relabel the filesystem anyway - I don't
see why you can't run genhomedircon or whatever 
in the process.

> > > How would network home directories work?
> > 
> > The same way they work right now?
> > I didn't realize network home dirs support xattr..
> > 
> 
> They don't, but they will. And they don't really work right now.

I still don't understand the problem with network home dirs.
How do they require expansion handling inside matchpathcon?

===============

I've started to implement some of this new scheme for users - 
I've moved most of my code into libselinux,
and now I'm trying to get it to work again. However, I am not 
clear on how groups will work with this new map file (see other
message), and I'm also not clear on how to get the default
role from libselinux, since there is no such thing - 
what should ROLE expand to - do I have to assume the
first role of the users file is appropriate? 


--
This message was distributed to subscribers of the selinux mailing list.