Naming convention flames

murphy pope pope_murphy at hotmail.com
Thu Apr 1 22:55:45 UTC 2004


I've been struggling to understand some of this SELinux stuff so I can
explain it to other users.  But I have my stupid-hat on these days.

Why does SELinux use a separate user database?  Why doesn't SELinux read
the /etc/passwd database instead of maintaining its own?  Has anybody
ever said "hey, we've already got one database, things will get a whole
lot clearer if we invent another one instead"? 

There seems to be some difference between a domain and a type, although
given the lack of documentation, I'm not convinced of that.  If they are
different, whose idea was it to use the same naming convention for
both?  Why not user_t and user_d?  Use _t to indicate a type and _d to
indicate a domain.  Or do they have to be from the same namespace?  Does
a type named user_t always exactly correspond to a domain named user_t? 
If so, what's the difference between a domain and a type?

Why do we need useradd and seuseradd?  Shouldn't useradd give me the
option to create an identity? Or better yet, shouldn't useradd create an
identity by default and give me the option to create a generic user
instead?

Sorry to sound so negative, but this stuff is not ready for prime-time
and without some documentation, it never will be.  Without good
documentation, you're gonna have to revert this whole project. When
something goes wrong, I don't know if it's a bug, or if it's my error,
or if it's working right and I just don't know what I'm doing.

        -- Murphy 
