[redhat-lspp] [PATCH] setrans - selinux translation daemon

Stephen Smalley sds at tycho.nsa.gov
Thu Apr 27 16:29:09 UTC 2006


On Wed, 2006-04-26 at 16:12 -0500, Chad Hanson wrote:
> I am attaching the following patches as an initial framework for the SELinux
> translation daemon.
> 
> The patches include functionality in the following areas:  daemon, client,
> initialization, and initial policy.
> 
> After implementing, we should change the file contexts of the translation
> configuration files to SystemHigh. A label arbitration routine needs to be
> added into the daemon to determine whether caller should be able to translate
> the requested labels.

What is your view on just folding the client-side functionality into
libselinux itself, and dropping the use of libsetrans as a separate
library entirely?  Since the actual translation functionality will live
in the daemon, libsetrans seems unnecessary, and this would avoid both
the overhead and the problems associated with dlopen'ing libsetrans from
libselinux (including enabling the translation support to work from
statically linked programs).

-- 
Stephen Smalley
National Security Agency



