2023-03-24 18:16:17

by Chris PeBenito

Subject: [refpolicy3 RFC] Drop suffixes?

I am considering dropping the suffixes from users, roles, and types.
init_t would become init, user_r would become user, etc.

Thoughts?

--
Chris PeBenito


2023-03-24 18:33:09

by Dominick Grift

Subject: Re: [refpolicy3 RFC] Drop suffixes?

Chris PeBenito <[email protected]> writes:

> I am considering dropping the suffixes from users, roles, and
> types. init_t would become init, user_r would become user, etc.
>
> Thoughts?

One thought I have is: might this in some cases conflict with keywords?
i.e. is it technically possible?

If the suffixes have no real use then I would probably drop them, provided
that it is technically possible.

I use suffixes in my policy but they are used for templates and they are
generally also more descriptive.

--
gpg --locate-keys [email protected]
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
Dominick Grift

2023-03-25 10:04:48

by Russell Coker

Subject: Re: [refpolicy3 RFC] Drop suffixes?

On Saturday, 25 March 2023 05:10:10 AEDT Chris PeBenito wrote:
> I am considering dropping the suffixes from users, roles, and types.
> init_t would become init, user_r would become user, etc.

Even when the syntax prevents the compiler from being confused there is a
benefit to avoiding user confusion. So having user_r:user_t change to
user:user would be bad IMHO.

22 years ago this might have been justified by reducing RAM use or something
but that doesn't apply now. What's the motivation for this?

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

2023-03-27 12:49:29

by Chris PeBenito

Subject: Re: [refpolicy3 RFC] Drop suffixes?

On 3/25/2023 05:15, Russell Coker wrote:
> On Saturday, 25 March 2023 05:10:10 AEDT Chris PeBenito wrote:
>> I am considering dropping the suffixes from users, roles, and types.
>> init_t would become init, user_r would become user, etc.
>
> Even when the syntax prevents the compiler from being confused there is a
> benefit to avoiding user confusion. So having user_r:user_t change to
> user:user would be bad IMHO.
>
> 22 years ago this might have been justified by reducing RAM use or something
> but that doesn't apply now. What's the motivation for this?

Since refpolicy3 is a major change, I've been reexamining past
decisions. Now is the time to make significant changes.

--
Chris PeBenito