* Stephen Smalley <sds@xxxxxxxxxxxxx> [2005-08-19 14:50]: > A related idea would be to also extend the binary policy format to > include a field for an arbitrary text string label that could be set > when the policy is generated, and have the kernel save that string and > export it via another new selinuxfs node. This would allow an > identifier string to be associated with the policy image, such as the > policy package's name and version (e.g. > selinux-policy-targeted-1.17.25-3), and extracted later by userspace to > determine which particular policy the one in memory is supposed to > match. I'd really like to see that. When managing many machines it is really nice to see which policy they have loaded. Just yesterday I hacked the makefile to insert the current revision of the policy (we manage policy with tla) as a dummy boolean so it can be inspected at runtime; a proper textfield would be better IMHO. Thomas -- http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7
Attachment:
signature.asc
Description: Digital signature