On Thu, 2009-07-02 at 12:26 -0400, Joshua Kramer wrote:
> >> - Security contexts are assigned to more than just processes and files.
> > You and I know that but for a common user I think just separation of
> > files and processes should suffice.
> > When all is said and done a Linux system is just a bunch of files
>
> Note that I'm putting together a similar tutorial on Userspace Object
> Managers [1]. There are applications - DBus, SE-PGSQL - that use SELinux
> contexts on arbitrary objects in the program itself, for example, database
> columns. These objects are not necessarily files, but instead they are
> in-memory data structures.
>
> I'm going way out there and modelling the behavior of a dog pack - sled
> dogs actually - using SELinux contexts. I'll forward to the group for
> review when it's done.
>
> Cheers,
> -JK

Understood. I will change it to read "objects". My reasoning behind the use of the word files instead was so that it would be easier for common users to understand, although strictly speaking it is incomplete/incorrect. I do not think common users are aware of in-memory data structures and other low level technical details. But again, I will edit it to reflect facts instead.

Thanks

> -----
> http://www.globalherald.net/jb01
> GlobalHerald.NET, the Smarter Social Network! (tm)