On Mon, 2011-08-08 at 06:41 +0000, HarryCiao wrote: > Hi Stephen, > > As for removing above "ambiguity between declaration and use", so it > would be desirable to remove the association between a regular type > and type attributes in the current type-attribute rule, and shrink it > to some "type" rule only for type declaration, and request policy > writers to setup the association explicitly via the typeattribute > rule. > > Also we should handle roles in a similar way: use some "role" rule > solely for role declaration and "attribute_role" rule for role > attribute declaration, then "roleattribute" rule for setting up their > associations. > > Is that right? > > Also this would introduce significant change to the original > type-attribute rule, how would it be easier for the community to > accept such change? I'm not asking for any further changes to the language, just explaining the analogy to the type-related statements. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
