RE: file contexts and modularity
> -----Original Message-----
> From: Stephen Smalley [mailto:sds@xxxxxxxxxxxxx]
> Sent: Wednesday, June 29, 2005 2:54 PM
> To: gyurdiev@xxxxxxxxxx
> Cc: Karl MacMillan; selinux@xxxxxxxxxxxxx; 'Daniel J Walsh'
> Subject: RE: file contexts and modularity
>
> On Wed, 2005-06-29 at 14:46 -0400, Ivan Gyurdiev wrote:
> > > More importantly, we have just decided to remove specific user information from
> > > the policy and leaving it in the file contexts seems strange.
> >
> > The file contexts serves a different purpose.
> > I agree with you in that I don't like having hundreds of files there,
> > but at the same time I don't see an alternative.
>
> Polyinstantiate every user home directory ;)
> Anyone following up on Chad Seller's work there?
> Then you have dynamically created per-role home directories
> transparently mounted on the user's home directory for whatever role the
> user happens to be logged in as.
>
Perfect!
Karl
---
Karl MacMillan
Tresys Technology
http://www.tresys.com
(410) 290-1411 ext 134
> --
> Stephen Smalley
> National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.