Christopher J. PeBenito wrote: > On Fri, 2008-06-20 at 15:48 +0900, KaiGai Kohei wrote: >> Christopher J. PeBenito wrote: >>> On Wed, 2008-06-18 at 15:53 +0900, KaiGai Kohei wrote: >>>> Christopher J. PeBenito wrote: >>>>>>> 2. the stored procedure type names have been in the back of my mind for >>>>>>> long time but I couldn't come up with a good naming scheme. This >>>>>>> especially bugged me for the sepgsql_trusted_domain_t and >>>>>>> sepgsql_trusted_proc_t. Why not just go with what we do with regular >>>>>>> domains and executables: sepgsql_trusted_proc_t and >>>>>>> sepgsql_trusted_proc_exec_t? >>>>>> I don't have a clear reason for the naming of them. >>>>>> sepgsql_trusted_proc_t and sepgsql_trusted_proc_exec_t are more suitable >>>>>> for the purpose, I also think. >>>>> It seems that we should also rename $1_sepgsql_proc_t for consistency. >>>> Sorry for late reply. >>>> >>>> At first, $1_sepgsql_proc_t lost the term of "trusted", so its name >>>> does not shows its purpose. >>> No, I mean having a $1_sepgsql_proc_t and $1_sepgsql_proc_exec_t. >> Do you intend the following domain transition? >> user_t + user_sepgsql_proc_exec_t -> user_sepgsql_proc_t >> >> Is there any reason why users should not invoke their functions >> without domain transition? > > I don't think we need a transition. Mainly I think the procedure should > be $1_sepgsql_proc_exec_t so there is naming consistency for stored > procedures. I agree it. Do you need a patch? Thanks, -- KaiGai Kohei <kaigai@xxxxxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
