|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
Christopher J. PeBenito wrote:
On 10/14/11 11:57, Daniel J Walsh wrote:Eric and I have come up with the following syntax for this behaviour. default_trans level dir_file_class_set parent;I think we want this to be "range" instead of "level", since the field is actually a range.default_trans user dir_file_class_set process; default_trans role file parent;Isn't there a better set of tokens than this? Why not make it default_user, default_role, default_type, and default_range? Creating an object doesn't really imply a transition, so "trans" seems misleading.
I agree with Chris. This will actually let you make things not transition by default so _trans is misleading. Further, "process" shouldn't be a token since it is an object class (you couldn't actually parse policy with Eric's patches could you?). I don't like "parent" as a token either, and SELinux doesn't know anything about processes and parents anyway. SDS's suggestions a while back are more appropriate IMO, since SELinux does know what source and target are.
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
[Fedora Users] [Fedora Legacy] [Fedora Desktop] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
