[redhat-lspp] Re: [RFC] [MLSXFRM 02/04] Add enforcement to SE Linux LSM
Venkat Yekkirala
vyekkirala at TrustedCS.com
Wed Jun 21 19:09:10 UTC 2006
> This was my concern, so this resolves the problem although the
> operation polmatch is a bit non-intuitive.
Ideally speaking, it would be in a separate class of its own
(a new xfrmpolicy or such class), but it seems a little bit of
an overkill, which is the reason why I specified the "pol" prefix
to "match", to make the meaning apparent while looking at the
association class as one encompassing the entire set of ipsec related
perms.
>
> Should we use another term? ('use' 'apply' -- poluse doesn't
> sound so
> good) Is there a precedent for this type of operation in SELinux?
As far as a precedent for this type of operation, I will have to
defer to others more conversant with all the flask perms.
More information about the redhat-lspp
mailing list