On Fri, 2008-06-20 at 15:48 +0900, KaiGai Kohei wrote: > Christopher J. PeBenito wrote: > > On Wed, 2008-06-18 at 15:53 +0900, KaiGai Kohei wrote: > >> Christopher J. PeBenito wrote: > >>>>> 2. the stored procedure type names have been in the back of my mind for > >>>>> long time but I couldn't come up with a good naming scheme. This > >>>>> especially bugged me for the sepgsql_trusted_domain_t and > >>>>> sepgsql_trusted_proc_t. Why not just go with what we do with regular > >>>>> domains and executables: sepgsql_trusted_proc_t and > >>>>> sepgsql_trusted_proc_exec_t? > >>>> I don't have a clear reason for the naming of them. > >>>> sepgsql_trusted_proc_t and sepgsql_trusted_proc_exec_t are more suitable > >>>> for the purpose, I also think. > >>> It seems that we should also rename $1_sepgsql_proc_t for consistency. > >> Sorry for late reply. > >> > >> At first, $1_sepgsql_proc_t lost the term of "trusted", so its name > >> does not shows its purpose. > > > > No, I mean having a $1_sepgsql_proc_t and $1_sepgsql_proc_exec_t. > > Do you intend the following domain transition? > user_t + user_sepgsql_proc_exec_t -> user_sepgsql_proc_t > > Is there any reason why users should not invoke their functions > without domain transition? I don't think we need a transition. Mainly I think the procedure should be $1_sepgsql_proc_exec_t so there is naming consistency for stored procedures. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
