I guess your opinion is that smaller differences between
kernel and modular policy format is better. If so, what do
No, I'm fine with differences in those 2 formats. I just don't want to
get confused later when the on-disk format has extra fields that the
structs in libsepol don't have.
How do you think the approach on the latest libsepol patch?
It integrates all fields to represent its properties ("flavor", "primary"
and "flags") into a single field deployed on the third word of type_datum
entry. These are encoded/decoded by type_read/type_write.
I think an extra field like a new "properties" is unavoidable, because
existing fields of properties are external specification of libsepol.
So we cannot re-organize them arbitrarily.
Thanks,
--
KaiGai Kohei <kaigai@xxxxxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
