On Fri, 2008-09-19 at 10:07 -0400, Joshua Brindle wrote: > For symbol labeling purposes for policy access control we need to be > able to look up symbol hierarchy relationships. I expect we'll do this > by exporting the symbol hierarchy via selinuxfs. Does anyone have > suggestions on what that should look like? Do we want to export > additional information on the symbols at the same time? I would have thought that the policy server would have its own internal policydb that it could consult to check hierarchy relationships? In any event, if we were to export such info via selinuxfs, then yes, we'd want to also export other information about the symbols, such as the user role and level authorizations, so that that information could be used by libselinux and we could ultimately deprecate /selinux/user aka security_compute_user(). -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
