selinux breaks revisor
Till Maas
opensource at till.name
Thu Jan 24 17:11:50 UTC 2008
On Thu January 24 2008, Chuck Anderson wrote:
> What do you do if the outside namespace wants to label a file
> differently than the inner namespace? Create separate namespaces for
> the on-disk xattrs?
Yes, this is what I meant with different namespaces, seperate namespaces for
the xattrs within the filesystem should be used. Maybe specifying the
namespace for the labels of the inner selinux should be an option for chroot
then. And it should be the normal situation that the labels differ, because
the outside policy should more or less allow everthing for stuff inside the
chroot directory, but the inside policy would enforce more restrictions.
Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080124/2c250894/attachment.sig>
More information about the fedora-devel-list
mailing list