[PATCH 3/5] cr: add generic LSM c/r support

Serge E. Hallyn serge at hallyn.com
Sun Aug 30 13:26:43 PDT 2009


Quoting Casey Schaufler (casey at schaufler-ca.com):
> Serge E. Hallyn wrote:
> > Quoting Casey Schaufler (casey at schaufler-ca.com):
> > I know, I know,  I should come up with a better name.  But while
> > an selinux context would be
> >
> >   root_u:root_r:root_t
> >
> > the blob I have to checkpoint for a task would perhaps be
> >
> >   root_u:root_r:root_t:::null:::null::null:::user_u:serge_r:serge_t:::null
> >   
> 
> What you really want is a textual representation of the security blob
> if I read this correctly.

Exactly.

>  Seems like you could call this either a
> "blob string" or a "context collection" or a "checkpoint string".

Object security state?  "Foss" for full object security state?

I suspect I'll default to blob...

-serge


More information about the Containers mailing list