[redhat-lspp] [PATCH] setrans - selinux translation daemon
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 28 21:46:12 UTC 2006
Stephen Smalley wrote:
> On Wed, 2006-04-26 at 16:12 -0500, Chad Hanson wrote:
>
>> I am attaching the following patches as an initial framework for the SELinux
>> translation daemon.
>>
>> The patches include functionality in the following areas: daemon, client,
>> initialization, and initial policy.
>>
>> After implementing, we should change the file contexts of the translation
>> configuration files to SystemHigh. A label arbitration routine needs to be
>> added into the daemon to determine whether caller should be able translate
>> the requested labels.
>>
>
> What is your view on just folding the client-side functionality into
> libselinux itself, and dropping the use of libsetrans as a separate
> library entirely? Since the actual translation functionality will live
> in the daemon, libsetrans seems unnecessary, and this would avoid both
> the overhead and the problems associated with dlopen'ing libsetrans from
> libselinux (including enabling the translation support to work from
> statically linked programs)?
>
>
Yes lets drop libsetrans and replace it with setrans daemon.
More information about the redhat-lspp
mailing list