On Wed, Jun 17, 2015 at 5:24 AM, Stephen Smalley <[email protected]> wrote:
> On 06/17/2015 07:09 AM, William Roberts wrote: > > I was forgetting that ueventd and watchdogd are just symlinks back to > > init, not sure what the best approach is for them. Perhaps we could > > compute the "seclabel" implicitly from the linkfile label and > > setexecon() based on that. > > No, just keep using seclabel for them, please. > There are legitimate uses for seclabel; we just want to keep them minimal > Yes I am not saying those are invalid uses of seclabel. However, to have N different ways of doing things is less than ideal. It should be either present and used in many places, or dead completely. If we leave support for it, its one more thing a policy author needs to learn and understand. what are the problems with computing it, we have the information available to properly do so. We would likely want to verify that the links resolve within the rootfs.
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
