On 11/04/2014 03:33 AM, peter enderborg wrote: > Is there any work going on the make it more granular? I did not see > it in the "Remaning Work" backlog. It is a generic problem and should > have a generic solution. It is on the new kernel to-do list, at the bottom of new items on: https://github.com/SELinuxProject/selinux/wiki/Kernel-Todo However, I'm not sure what the general solution would look like. I don't think we want to write policies on socket (domain, type, protocol) triples or introduce unique security classes for every such triple. The security class abstraction in SELinux (and its underlying Flask architecture) is intended to provide a higher level abstraction for security policy writers. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
