Re: Problems related to the whole policy infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

If developers would add support of some kind of includes (around 50 lines of code, fix me if I'm wrong) I think it would make policy easier to read and edit, but it doesn't solves real problem - complexity to understand what's really declared in policy and how does rules interfere. I've tried to work with SLIDE - for sure, it much more handy than vim, but I suppose it would be ideal (at least for me and an number of my colleagues) to use something like UML for refpolicy customization.

Regards,

Kirill Novikov,
EastLinux Team

On Thu, Apr 9, 2009 at 8:28 PM, James Carter <jwcart2@xxxxxxxxxxxxx> wrote:
1.  Complexity of SELinux policies
       a.  Inability to create policy abstraction layers
               i.  If we had to write software the way we write policy,
               we would have to compile everything in our system into
               one gigantic, monolithic executable.

--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux