On Thu, Jan 9, 2014 at 6:22 PM, Dominick Grift <dominick.grift@xxxxxxxxx> wrote: > On Thu, 2014-01-09 at 18:07 -0500, Eric Paris wrote: >> >> I believe we need a new initial sid. SECINITSID_INVALID_LABEL.... > > For what it is worth ; i would not prefer the name invalid_label > > Although it is an accurate name i do not think its optimal, i would go > for "invalid" with the invalid_t type sid associated with it. I agree, I tend to like SECINITSID_INVALID/invalid/invalid_t a bit more. > Invalid_label can give the impression that the whole context is invalid, > and although the context as a whole is invalid, it is usually only due > to one or more invalid sids (usually just one). Don't forget that a sid, including the initial sids, represents a full label/context. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
