Re: [PATCH 00/16] Permit filesystem local caching [try #3]
From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2007-08-15 16:30:42
Also in:
lkml, selinux
From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2007-08-15 16:30:42
Also in:
lkml, selinux
--- Stephen Smalley <sds@tycho.nsa.gov> wrote:
On Tue, 2007-08-14 at 08:53 -0700, Casey Schaufler wrote:quoted
--- David Howells <dhowells@redhat.com> wrote:quoted
Casey Schaufler [off-list ref] wrote:quoted
With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE, do your business of setting the label correctly, and then drop the capability. No new hooks required.That sounds like a contradiction. How can you both leave it alone andsetquoted
quoted
it?Whoops, sorry. You leave the process label alone and explicitly set the file label using the xattr interfaces.xattr interfaces don't help with the initial labeling of the file when it is created.
That's true. The deamon needs to run with an appropriate label. I don't believe that this is situation with a really simple solution because the activity being performed is unusual.
-- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
Casey Schaufler casey@schaufler-ca.com