Re: SElinux integration

[Ivan Gyurdiev <ivg2 cornell edu>]

Alexander Larsson wrote:
> On Sat, 2006-02-25 at 21:24 -0500, Ivan Gyurdiev wrote:
>   
> > Hi,
> >
> > RedHat would like to add SELinux integration to Nautilus. As part of 
> > this project, it seems we'd have to add support for a SELinux context 
> > (ascii string) in the GnomeVfsFileInfo structure (new field). I am 
> > currently modifying an older patch from Dan Walsh to add support for this.
> >
> > I am wondering if I also need to add options to request get/set of this 
> > field - i.e.
> > GNOME_VFS_FILE_INFO_GET_SELINUX_CONTEXT
> > GNOME_VFS_SET_FILE_INFO_SELINUX_CONTEXT
> >
> > or whether I can reuse the existing options of:
> > GNOME_VFS_FILE_INFO_GET_ACCESS_RIGHTS
> > GNOME_VFS_SET_FILE_INFO_PERMISSIONS
> >
> > (since the selinux context represents MAC permissions on top of the DAC 
> > ones..)
> >     
>
> You can't re-use those. They have a very specific meaning already, and
> extending that isn't really backwards compatible. In fact
> GNOME_VFS_FILE_INFO_GET_ACCESS_RIGHTS already takes selinux into account
> by using access().
>
> This needs to be a separate field with separate operations.
>   
Next question, is it necessary to use a flag for GET, or can 
GNOME_VFS_FILE_INFO_DEFAULT be reused?
It seems like the answer is yes, but I want to make sure...