On 10/14/11 11:57, Daniel J Walsh wrote: > Eric and I have come up with the following syntax for this behaviour. > > default_trans level dir_file_class_set parent; I think we want this to be "range" instead of "level", since the field is actually a range. > default_trans user dir_file_class_set process; > default_trans role file parent; Isn't there a better set of tokens than this? Why not make it default_user, default_role, default_type, and default_range? Creating an object doesn't really imply a transition, so "trans" seems misleading. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
