On Mon, 2008-06-23 at 21:48 +0900, KaiGai Kohei wrote: > Christopher J. PeBenito wrote: > > On Fri, 2008-06-20 at 15:48 +0900, KaiGai Kohei wrote: > >> Christopher J. PeBenito wrote: > >>> On Wed, 2008-06-18 at 15:53 +0900, KaiGai Kohei wrote: > >>>> Christopher J. PeBenito wrote: > >>>>>>> 2. the stored procedure type names have been in the back of my mind for > >>>>>>> long time but I couldn't come up with a good naming scheme. This > >>>>>>> especially bugged me for the sepgsql_trusted_domain_t and > >>>>>>> sepgsql_trusted_proc_t. Why not just go with what we do with regular > >>>>>>> domains and executables: sepgsql_trusted_proc_t and > >>>>>>> sepgsql_trusted_proc_exec_t? > >>>>>> I don't have a clear reason for the naming of them. > >>>>>> sepgsql_trusted_proc_t and sepgsql_trusted_proc_exec_t are more suitable > >>>>>> for the purpose, I also think. > >>>>> It seems that we should also rename $1_sepgsql_proc_t for consistency. > >>>> Sorry for late reply. > >>>> > >>>> At first, $1_sepgsql_proc_t lost the term of "trusted", so its name > >>>> does not shows its purpose. > >>> No, I mean having a $1_sepgsql_proc_t and $1_sepgsql_proc_exec_t. > >> Do you intend the following domain transition? > >> user_t + user_sepgsql_proc_exec_t -> user_sepgsql_proc_t > >> > >> Is there any reason why users should not invoke their functions > >> without domain transition? > > > > I don't think we need a transition. Mainly I think the procedure should > > be $1_sepgsql_proc_exec_t so there is naming consistency for stored > > procedures. > > I agree it. > Do you need a patch? Well I didn't merge the trusted_proc patch yet, would you update that patch with $1_sepgsql_proc_exec_t too? -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
