On Wednesday 27 February 2008 8:23:41 am Christopher J. PeBenito wrote:
> On Tue, 2008-02-26 at 17:08 -0500, Paul Moore wrote:
> > On Tuesday 26 February 2008 4:52:34 pm Eric Paris wrote:
> > > On 2/26/08, paul.moore@xxxxxx <paul.moore@xxxxxx> wrote:
> > > > It is important to note that
> > > > while this patchset adds the permissions required it doesn't
> > > > enable the "network_peer_controls" policy capability.
> > [...]
> >
> > > So, does anyone have a good idea suggestions where we should turn
> > > on/off these new capabilities? I know it has to be in the base
> > > module in the end, but I don't know what file to put them in. I
> > > might just throw it in kernel.te for now for me to keep testing
> > > but I assume we are going to want all of these definitions in one
> > > place? Are we going to want them all over as long as they end up
> > > being built into base?
> >
> > I have no idea but I suspect Chris has given this some thought and
> > probably has some ideas. I tend to think putting them in one place
> > is probably a good idea ...
>
> I haven't thought about this much, but my initial idea would be to
> have a specific file, maybe policy/polcaps or policy/capabilites.

Sounds good to me.

--
paul moore
linux security @ hp