On Wed, May 20, 2009 at 12:08 PM, Chad Sellers <csellers@xxxxxxxxxx> wrote: > On 5/18/09 2:16 PM, "Daniel J Walsh" <dwalsh@xxxxxxxxxx> wrote: > >> This patch adds context files for virtual_domain and virtual_image, >> these are both being used to locat the default context to be executed by >> svirt. >> >> I also included the subs patch which I submitted before. This patch >> allows us to substitute prefixes to matchpathcon. >> >> So we can say /export/home == /home >> >> and >> >> /web == /var/www > > I'm surprised that the subs patch didn't get much discussion before. Any > thoughts on this? Any worries that it might not meld well with the work > currently being done to integrate FCGlob? > > Thanks, > Chad > I don't think it will adversely affect FCGlob integration. It is going to make it harder to understand what a file will get labeled though. Might be useful for genhomedircon to generate a .subs file and for refpolicy to provide labeling on a selinux user basis for home directories: /root /home/unconfined_u /home/sysadm_u ... with a .subs: /home/bob /home/unconfined_u /home/sally /home/sysadm_u ... It doesn't support directories with spaces in them. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
