A sysfs tree with both dac and mac control would be nice.
On 11/04/2014 03:01 PM, Stephen Smalley wrote:
On 11/04/2014 03:33 AM, peter enderborg wrote:
Is there any work going on the make it more granular? I did not see
it in the "Remaning Work" backlog. It is a generic problem and should
have a generic solution.
It is on the new kernel to-do list, at the bottom of new items on:
https://github.com/SELinuxProject/selinux/wiki/Kernel-Todo
However, I'm not sure what the general solution would look like. I
don't think we want to write policies on socket (domain, type, protocol)
triples or introduce unique security classes for every such triple. The
security class abstraction in SELinux (and its underlying Flask
architecture) is intended to provide a higher level abstraction for
security policy writers.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
