> This was my concern, so this resolves the problem although the
> operation polmatch is a bit non-intuitive.
Ideally speaking, it would be in a separate class of its own
(a new xfrmpolicy or such class), but it seems a little bit of
an overkill, which is the reason why I specified the "pol" prefix
to "match", to make the meaning apparent while looking at the
association class as one encompassing the entire set of ipsec related
perms.
>
> Should we use another term? ('use' 'apply' -- poluse doesn't
> sound so
> good) Is there a precedent for this type of operation in SELinux?
As far as a precedent for this type of operation, I will have to
defer to others more conversant with all the flask perms.
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
