Re: SElinux integration

From: Alexander Larsson <alexl redhat com>
To: Ivan Gyurdiev <ivg2 cornell edu>
Cc: gnome-vfs-list gnome org
Subject: Re: SElinux integration
Date: Mon, 27 Feb 2006 11:22:04 +0100

On Sat, 2006-02-25 at 21:24 -0500, Ivan Gyurdiev wrote:
> Hi,
> 
> RedHat would like to add SELinux integration to Nautilus. As part of 
> this project, it seems we'd have to add support for a SELinux context 
> (ascii string) in the GnomeVfsFileInfo structure (new field). I am 
> currently modifying an older patch from Dan Walsh to add support for this.
> 
> I am wondering if I also need to add options to request get/set of this 
> field - i.e.
> GNOME_VFS_FILE_INFO_GET_SELINUX_CONTEXT
> GNOME_VFS_SET_FILE_INFO_SELINUX_CONTEXT
> 
> or whether I can reuse the existing options of:
> GNOME_VFS_FILE_INFO_GET_ACCESS_RIGHTS
> GNOME_VFS_SET_FILE_INFO_PERMISSIONS
> 
> (since the selinux context represents MAC permissions on top of the DAC 
> ones..)

You can't re-use those. They have a very specific meaning already, and
extending that isn't really backwards compatible. In fact
GNOME_VFS_FILE_INFO_GET_ACCESS_RIGHTS already takes selinux into account
by using access().

This needs to be a separate field with separate operations.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's an unconventional overambitious messiah with a passion for fast cars. 
She's a provocative kleptomaniac lawyer with an incredible destiny. They fight 
crime!

Follow-Ups:
- Re: SElinux integration
  - From: Ivan Gyurdiev

References:
- SElinux integration
  - From: Ivan Gyurdiev

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]