Is this the right approach for passing the SEL context though? We don't
pass ACL permissions for queues that way, at least at present. Would a
config file that defines any necessary mapping work? I would prefer to
keep SELinux-specific stuff within an ACL implementation plugin if at
all

Joshua Kramer wrote:
You are correct - it's trivial to store the SEL context in a file, much
as the ACLs are stored in a file currently. But it presents this
problem: suppose I intend to have an SELinux ACL declaring that the
server queue called SecretData can only be read by users with type