Thread (41 messages), 3 authors, 2007-08-15

Re: [PATCH 00/16] Permit filesystem local caching [try #3]

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2007-08-15 16:30:42
Also in: lkml, selinux

--- Stephen Smalley <sds@tycho.nsa.gov> wrote:

> On Tue, 2007-08-14 at 08:53 -0700, Casey Schaufler wrote:
> > --- David Howells <dhowells@redhat.com> wrote:
> > > Casey Schaufler [off-list ref] wrote:
> > > > With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE,
> > > > do your business of setting the label correctly, and then drop
> > > > the capability. No new hooks required.
> > > That sounds like a contradiction.  How can you both leave it alone and
> > > set it?
> > Whoops, sorry. You leave the process label alone and explicitly
> > set the file label using the xattr interfaces.
> xattr interfaces don't help with the initial labeling of the file when
> it is created.

That's true. The daemon needs to run with an appropriate label.
I don't believe that this is a situation with a really simple solution
because the activity being performed is unusual.

> --
> Stephen Smalley
> National Security Agency




Casey Schaufler
casey@schaufler-ca.com