Re: SElinux integration



On Mon, 2006-02-27 at 05:32 -0500, Ivan Gyurdiev wrote:
> Alexander Larsson wrote:
> > On Sat, 2006-02-25 at 21:24 -0500, Ivan Gyurdiev wrote:
> >   
> >> Hi,
> >>
> >> RedHat would like to add SELinux integration to Nautilus. As part of 
> >> this project, it seems we'd have to add support for a SELinux context 
> >> (ascii string) in the GnomeVfsFileInfo structure (new field). I am 
> >> currently modifying an older patch from Dan Walsh to add support for this.
> >>
> >> I am wondering if I also need to add options to request get/set of this 
> >> field - i.e.
> >> GNOME_VFS_FILE_INFO_GET_SELINUX_CONTEXT
> >> GNOME_VFS_SET_FILE_INFO_SELINUX_CONTEXT
> >>
> >> or whether I can reuse the existing options of:
> >> GNOME_VFS_FILE_INFO_GET_ACCESS_RIGHTS
> >> GNOME_VFS_SET_FILE_INFO_PERMISSIONS
> >>
> >> (since the selinux context represents MAC permissions on top of the DAC 
> >> ones..)
> >>     
> >
> > You can't re-use those. They have a very specific meaning already, and
> > extending that isn't really backwards compatible. In fact
> > GNOME_VFS_FILE_INFO_GET_ACCESS_RIGHTS already takes selinux into account
> > by using access().
> >
> > This needs to be a separate field with separate operations.
> >   
> Next question, is it necessary to use a flag for GET, or can 
> GNOME_VFS_FILE_INFO_DEFAULT be reused?
> It seems like the answer is yes, but I want to make sure...

How do you actually get the context? Does it need more syscalls than the
stat that we do by default? If so, it needs to be its own flag (for
performance reasons).

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's an unconventional sweet-toothed stage actor who knows the secret of the 
alien invasion. She's a blind tomboy nun from a different time and place. They 
fight crime! 
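The trade-off raised in the reply above, as an added example that is not part of the original message or of gnome-vfs: on Linux the SELinux label of a file is stored in the `security.selinux` extended attribute, so reading it costs one syscall beyond the default stat. The flag names, the `file_info` struct and the `syscalls` counter are hypothetical, chosen only to show an opt-in lookup.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/xattr.h>

/* Hypothetical flag names for this sketch; not gnome-vfs identifiers. */
enum { INFO_DEFAULT = 0, INFO_GET_SELINUX_CONTEXT = 1 << 0 };

struct file_info {
    struct stat st;
    char context[256]; /* empty if not requested or the file has no label */
    int syscalls;      /* syscalls issued for this lookup (illustration only) */
};

/* Returns 0 on success, -1 if lstat() fails. A missing label is not an error. */
int get_file_info(const char *path, int flags, struct file_info *out)
{
    ssize_t n;

    memset(out, 0, sizeof *out);
    out->syscalls = 1;                    /* the stat every caller pays for */
    if (lstat(path, &out->st) != 0)
        return -1;

    if (flags & INFO_GET_SELINUX_CONTEXT) {
        out->syscalls = 2;                /* extra cost, paid only on request */
        n = lgetxattr(path, "security.selinux",
                      out->context, sizeof out->context - 1);
        if (n < 0)
            out->context[0] = '\0';       /* unlabelled file or no xattr support */
        else
            out->context[n] = '\0';       /* stored value may lack a trailing NUL */
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/";
    struct file_info fi;

    if (get_file_info(path, INFO_GET_SELINUX_CONTEXT, &fi) != 0) {
        perror(path);
        return 1;
    }
    printf("%s: mode %o, context \"%s\", %d syscalls\n", path,
           (unsigned)(fi.st.st_mode & 07777), fi.context, fi.syscalls);
    return 0;
}
```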



