Re: [PATCH] Extended Attributes for Security Modules against 2.5.68

Christoph Hellwig (hch@infradead.org)
Wed, 23 Apr 2003 21:20:04 +0100


On Wed, Apr 23, 2003 at 03:52:14PM -0400, Stephen Smalley wrote:
> For many of the patched utilities, there would be no encoding of any
> specific policy/module as long as you have a single attribute name,
> since they are just handling the labels as strings.

That assumes every label is a string.

> As a side note, please keep in mind that SELinux is itself a generic
> framework for MAC policies, provides encapsulation of security labels,
> and allows security models and attributes to be added or removed without
> requiring changes outside of the security policy engine, which itself is
> an encapsulated component of the SELinux module.

That doesn't matter at all for this question - if you have a selinux_label
attribute you can add your different policies with string labels to
it. But don't mix it up with others.

> Not exactly. Our patch to crond uses a generic policy API that was
> designed to support many different security models, so it doesn't have
> to be specific to SELinux.

So it doesn't hardcode your xattr? That's what I suggested..

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/