On Thu, 2014-01-09 at 23:21 +0100, Dominick Grift wrote: > On Thu, 2014-01-09 at 16:53 -0500, Daniel J Walsh wrote: > Then leave the unlabeled isid for netlabel ( i think netlabel also uses > the unlabeled isid ) > > That way we can also get rid of the inconsistency where "unlabeled" > nodes are labeled with the object_r role. (nodes are active entities so > i would argue the system_r role would be more sensible for nodes) Not sure if it was peers, nodes or both but i know i was a little annoyed by the inconsistency. I like consistency and intuitiveness. ( on a side note: "system_u:object_r:node_t" is also associated with the node isid currently, not sure if "system_u:system_r:node_t" would be more appropriate -- same for netlabel_peer i guess ) > Then maybe while we are at it also see if we can fix that isid ordering > issue. If one in ones policy messes up the ordering of the isid context > specs one gets all kinds of weird behavior. Not the isid contexts specification ordering but the isid declarations ordering (in the initial_sids file) _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
