On Tue, 2008-02-26 at 17:08 -0500, Paul Moore wrote:
> On Tuesday 26 February 2008 4:52:34 pm Eric Paris wrote:
> > On 2/26/08, paul.moore@xxxxxx <paul.moore@xxxxxx> wrote:
> > > It is important to note that
> > > while this patchset adds the permissions required it doesn't
> > > enable the "network_peer_controls" policy capability. [...]
> > So, does anyone have a good idea suggestions where we should turn
> > on/off these new capabilities? I know it has to be in the base
> > module in the end, but I don't know what file to put them in. I
> > might just throw it in kernel.te for now for me to keep testing but I
> > assume we are going to want all of these definitions in one place?
> > Are we going to want them all over as long as they end up being built
> > into base?
>
> I have no idea but I suspect Chris has given this some thought and
> probably has some ideas. I tend to think putting them in one place is
> probably a good idea ...

I haven't thought about this much, but my initial idea would be to have
a specific file, maybe policy/polcaps or policy/capabilites.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150