[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: file contexts and modularity

To: gyurdiev@xxxxxxxxxx
Subject: RE: file contexts and modularity
From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Date: Wed, 29 Jun 2005 14:53:41 -0400
Cc: Karl MacMillan <kmacmillan@xxxxxxxxxx>, selinux@xxxxxxxxxxxxx, "'Daniel J Walsh'" <dwalsh@xxxxxxxxxx>
In-reply-to: <1120070819.20484.40.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
Organization: National Security Agency
References: <200506291817.j5TIHQ7f013656@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1120070819.20484.40.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Wed, 2005-06-29 at 14:46 -0400, Ivan Gyurdiev wrote:
> > More importantly, we have just decided to remove specific user information from
> > the policy and leaving it in the file contexts seems strange.
> 
> The file contexts serves a different purpose.
> I agree with you in that I don't like having hundreds of files there,
> but at the same time I don't see an alternative.

Polyinstantiate every user home directory ;)
Anyone following up on Chad Seller's work there?
Then you have dynamically created per-role home directories
transparently mounted on the user's home directory for whatever role the
user happens to be logged in as.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- RE: file contexts and modularity
  - From: Karl MacMillan

References:
- RE: file contexts and modularity
  - From: Karl MacMillan
- RE: file contexts and modularity
  - From: Ivan Gyurdiev

Prev by Date: Re: Execmem boolean
Next by Date: Re: Execmem boolean
Previous by thread: RE: file contexts and modularity
Next by thread: RE: file contexts and modularity
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.