On Saturday 25 October 2008 00:19, Mike Edenfield <kutulu@xxxxxxxxxx> wrote: > Jim Meyering wrote: > > A desire for compatibility makes "+" look good. > > "." is appealing for SELinux-only because it's inconspicuous. > > Speaking as a fairly new SELinux user/admin, having a "." > next to every file in my ls output is just as useful or > non-useful as having a "+" next to them, so does it really > buy anything? I end up needing -Z either way. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472590 The above URL has the history of this discussion. I requested that there be no such notification. I still believe that there should be nothing used in the case of SE Linux (although I could be convinced that the "." is OK if files with the context "system_u:object_r:file_t:s0" did not have it). But it seems that I have lost this debate. Using "." is better than "+", and my request to have none of this in Lenny has been accepted so we have some time to work on this before Lenny+1. > Based on the kind of real-world problems I've had, the most > useful thing ls could tell me about a file on my SELinux > system would be that it *should* have a label and *doesn't*, > something like: > > if ( selinux_enabled ) > if ( label == NULL || label == fs.defaultlabel ) > use "!" > else > use " " > else if ( anything else ) > use "+" That sounds quite reasonable. -- Russell Coker <russell@xxxxxxxxxxxx> http://etbe.coker.com.au/ My Blog http://etbe.coker.com.au/category/security/ My Security blog posts http://www.coker.com.au/selinux/play.html My Play Machine, root PW "SELINUX" -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
