[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: libselinux question for httpd



On Thu, 2005-11-03 at 10:45 -0500, Ivan Gyurdiev wrote:
> Stephen Smalley wrote:
> Naturally,
> > you can extract the string from the structure, so one could have then
> > replaced all direct uses of the string with the struct, but I don't
> > think that would be optimal; plenty of applications only want to deal
> > with the string.  ls -Z, ps -Z, mkdir -Z, ...
> >   
> So, there should be convert functions to go from one to the other, and the
> library interfaces should work with the opaque structure, not with the 
> string.

I don't think so.  Consider:  today, ls can call getfilecon(), which
internally performs a getxattr(), which returns the string stored in the
attribute value, and returns it back to ls for display to the user.  Why
force that process to go through an extra conversion to struct and back
for no reason?

> Anyway, I'm not volunteering to do this right now - just making some 
> observations.
-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]