Re: Groups in the alternative user solution

[Ivan Gyurdiev <gyurdiev@xxxxxxxxxx>]

> I'd actually suggest that we not try to map Unix/Linux groups to SELinux
> users at all, and require explicit Linux user -> SELinux user mappings.
> Unix groups and SELinux user identities serve very different purposes,

I thought they both served the purpose of grouping together
things that should have the same security properties, and 
isolating things that should have different ones.

> and I can't see a good reason to link them together (and definite danger
> in doing so).

Why is that?

>   Better to require them to manage that mapping
> separately.  

Well, that's certainly the easier approach...



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.