--- "Ahmed S. Darwish" <[EMAIL PROTECTED]> wrote: > > > Perhaps I misunderstand, but Smack labels don't represent users (i.e. > > user identity) in any way, so it seemed like a mismatch to use the _USER > > flag there. Whereas types in SELinux bear some similarity to Smack > > labels - simple unstructured names whose meaning is only defined by the > > policy rules. > > > > I think Casey meant the common use of Smack where a login program > (openssh, bin/login, ..) sets a label for each user that logs in, thus > letting each label effectively representing a user.
No, I really just don't care which name gets used because none of them map properly but I don't see value in adding a new one. I say _USER is fine. I dislike _TYPE because it implies structure that isn't there and I dislike _ROLE because someone may want to implement roles on top of Smack (it wouldn't be hard) and don't want to start using that term for a specific meaning that might give 'em fits. > > In a sense, smack labels share a bit of _USER and _TYPE. And maybe _ROLE, if you look at it from the right angle. I don't think that it matters. Create a new _LATEFORDINNER if that makes y'all feel better. Best of all would be to stick with _USER and call it done. Thank you. Casey Schaufler [EMAIL PROTECTED] -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
