On Tue, 2009-04-21 at 08:27 +0900, KaiGai Kohei wrote: > Christopher J. PeBenito wrote: > > On Mon, 2009-04-06 at 11:15 +0900, KaiGai Kohei wrote: > >> The attached patch provides some of reworks and bugfuxes > >> except for new object classes and permissions. > >> > >> - rework: All the newly created database objects by unprivileged > >> clients are prefixed with "user_", and these are controled via > >> sepgsql_enable_users_ddl. > > > > I don't think we should be mixing user content with other unpriv > > clients. > > I would like to discriminate between a procedure declared by unpriv > client and by administrative client, because the policy allows the > unprefixed "sepgsql_proc_exec_t" to be installed as a system internal > component, but it is undesirable to install unpriv-user defined > procedures as is. > > If the "user_" prefix is unpreferable, how do you think other prefixes > something like "anon_", "unpriv_" and so on? I think we should go with unpriv_ for now. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
