On Fri, 19 Sep 2008 11:07:22 EDT, Stephen Smalley said:

> I know that at one point the trend was toward one value per file, but
> that carries a cost of course, and I'm not sure the /selinux/class
> interface turned out to be ideal. Maybe others have opinions.

That's true for sysfs. The selinuxfs is a different beast and can make its own choices. The biggest gotcha is that you need to remain backwards-compatible, so anything that's there *now* has to remain there for a rather extensive deprecation period.

Keep in mind that Andrew Morton just this week had an issue with /proc/net that turned out to be because he had an FC5 policy loaded, and that ancient policy didn't know that /proc/net is now a symlink...

What info would *ideally* be available for userspace? Let's figure that out first, and work backwards from there...