selinux January 2011 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: SELinux Policy compiler doesn't like leading number

Re: SELinux Policy compiler doesn't like leading numbers in fs names

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Wed Jan 12 2011 - 18:59:33 GMT
To: jwcart2@tycho.nsa.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/12/2011 01:56 PM, James Carter wrote:
> On Wed, 2011-01-12 at 13:36 -0500, Daniel J Walsh wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=668871
>
> Is there any logical reason for this or is this just a bug?
>
>> The filesystem name for a genfscon statement happens to be specified as
>> an identifier and an identifier must begin with a letter, but I don't
>> think that there is any technical reason for the restriction.
>
>> Would we want to allow all identifiers to be able to start with
>> alphanumeric characters (or maybe even "_") or just filesystem names?
>
>>
- --
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.

I would say allow any alphanumeric and _, and then let the refpolicy
guidelines control what gets into that policy. Forcing IBM to change
the name of their file system for SELinux seems a little nuts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0t+hUACgkQrlYvE4MpobMT2gCeMA/lLDF4bv1+rgNesFlHR42P
fIEAn06YCwRWmIrtjAvJIhwT+uQbOCfU
=L6cW
-----END PGP SIGNATURE-----

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.