Naming convention flames
Stephen Smalley
sds at epoch.ncsc.mil
Fri Apr 2 15:05:36 UTC 2004
On Thu, 2004-04-01 at 17:55, murphy pope wrote:
> I've been struggling to understand some of this SELinux stuff so I can
> explain it to other users. But I have my stupid-hat on these days.
yum install selinux-doc
cd /usr/share/SELinux
ggv policy.pdf
In particular, see section 3.
Note to Dan: Might it be a good idea to have selinux-doc also include
the HTML version of the reports? The Makefile already supports building
HTML from the DocBook sources.
Of course, I assume you've already looked at the Fedora SELinux FAQ and
the externally developed sourceforge selinux HOWTOs/FAQs.
> Why does SELinux use a separate user database? Why doesn't SELinux
> read the /etc/passwd database instead of maintaining its own? Has
> anybody ever said "hey, we've already got one database, things will
> get a whole lot clearer if we invent another one instead"?
Section 3.3 of policy.pdf.
> There seems to be some difference between a domain and a type,
> although given the lack of documentation, I'm not convinced of that.
> If they are different, whose idea was it to use the same naming
> convention for both? Why not user_t and user_d? Use _t to indicate a
> type and _d to indicate a domain. Or do they have to be from the same
> namespace? Does a type named user_t always exactly correspond to a
> domain named user_t? If so, what's the difference between a domain
> and a type?
Section 3.1 of policy.pdf. Likely also covered by the externally
developed HOWTOs/FAQs.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency