From: pebenito@gentoo.org (Chris PeBenito)
Date: Tue, 01 Jun 2010 08:39:06 -0400
Subject: [refpolicy] constraints as modules
In-Reply-To: <201005292155.07061.russell@coker.com.au>
References: <201005292155.07061.russell@coker.com.au>
Message-ID: <1275395946.2995.5.camel@defiant>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sat, 2010-05-29 at 21:55 +1000, Russell Coker wrote:
> Would it be possible to allow constraints in modules?

No, not with the current toolchain.

> I think it would be ideal if the difference between a MLS system and an MCS 
> system was a single module containing constraints.

While I would agree, there are other issues.  The MLS information for
labeling, range_transitions, users, etc. would also have to be enabled
on all modules, and then stripped if MLS is disabled.  On top of that
how would you handle MLS vs. MCS since they use the same (MLS) field?

-- 
Chris PeBenito
<pebenito@gentoo.org>
Developer,
Hardened Gentoo Linux