1. Distribution of policy a. No way to easily distribute custom policy 2. Policy module format a. All of the disadvantages of a binary format with none of the advantages. 3. Many policy file formats a. Normal policy files (*.te *.if, *.fc) b. Object manager files (dbus_contexts, x_contexts) c. Misc context files (default_contexts, initrc_context, removable_context, etc) d. Other management files (setrans.conf, seusers, etc) 4. Policy store a. Both managed and unmanaged files are in /etc/selinux 5. Build process a. Fragile and brittle b. Difficult to add new features 6. Resource usage a. Tools are slow and/or require a lot of memory -- James Carter <jwcart2@xxxxxxxxxxxxx> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
