selinux breaks revisor

Till Maas opensource at till.name
Thu Jan 24 17:11:50 UTC 2008


On Thu January 24 2008, Chuck Anderson wrote:

> What do you do if the outside namespace wants to label a file
> differently than the inner namespace?  Create separate namespaces for
> the on-disk xattrs?

Yes, this is what I meant with different namespaces, seperate namespaces for 
the xattrs within the filesystem should be used. Maybe specifying the 
namespace for the labels of the inner selinux should be an option for chroot 
then. And it should be the normal situation that the labels differ, because 
the outside policy should more or less allow everthing for stuff inside the 
chroot directory, but the inside policy would enforce more restrictions.

Regards,
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 827 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20080124/2c250894/attachment.sig>


More information about the fedora-devel-list mailing list