Karl MacMillan wrote:
<snip>
5. any references to type attributes should be customizable: i.e. process_types = ... filesystem_types = ... etc.
I do not consider Linux access vectors to be customizable (unlike types, attributes, booleans, tunables, etc.)
I know what you mean, but I have to point out that the domain attribute has been much more stable across many different operating systems than the object classes and access vectors.
This is true, and being able to specify subject types and object types
(processes and files are instances of those) could make this useful for
analysis of e.g., Xen policies... Not that I see a huge demand for that
sort of thing