extended attributes

Stephen Smalley sds at tycho.nsa.gov
Thu May 4 18:39:34 UTC 2006


On Thu, 2006-05-04 at 21:39 +1000, Russell Strong wrote:
> I don't know much about selinux, but doesn't that also use extended 
> attributes?  I've tried writing a file with a unique selinux label, 
> verified using stat that the inode number changed, however it kept its 
> selinux extended attributes.  Am I wrong about selinux?

vim has been patched in Fedora to preserve the SELinux attribute;
otherwise, it wouldn't happen (unless it just happened to be preserved
as a result of default directory inheritance or type transition defined
in the policy, but that isn't sufficient for all the files you might
happen to edit).  Upstream vim also includes awareness of POSIX ACLs, I
think.  But not for arbitrary EAs.

-- 
Stephen Smalley
National Security Agency
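
The behaviour discussed in this message, as an added example that is not part of the original post and is not vim's code: a save that writes a new file and renames it over the old one gets a new inode, so extended attributes survive only if the program copies them explicitly. The helper name `save_by_rename` and the sample attribute `user.origin` are hypothetical, and the `os.*xattr` calls are Linux-only.

```python
import os
import tempfile


def save_by_rename(path, data, preserve_xattrs=True):
    """Replace path with a new inode (write temp file, rename over it).

    Hypothetical helper for illustration. Returns (copied, failed): the
    extended-attribute names carried over and those that could not be set.
    """
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    copied, failed = [], []
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        names = []
        if preserve_xattrs:
            try:
                names = os.listxattr(path)
            except OSError:
                names = []  # filesystem without xattr support
        for name in names:
            try:
                # Covers security.selinux, POSIX ACLs
                # (system.posix_acl_access) and arbitrary user.* EAs alike.
                os.setxattr(tmp, name, os.getxattr(path, name))
                copied.append(name)
            except OSError:
                failed.append(name)  # e.g. relabel denied by policy
        os.replace(tmp, path)  # atomic rename; path now has a new inode
    except BaseException:
        os.unlink(tmp)
        raise
    return copied, failed


if __name__ == "__main__":
    with tempfile.TemporaryDirectory(dir=".") as d:
        target = os.path.join(d, "note.txt")  # constructed sample file
        with open(target, "wb") as f:
            f.write(b"v1")
        try:
            os.setxattr(target, "user.origin", b"constructed-sample")
        except OSError:
            print("user.* xattrs not supported here")
        print(save_by_rename(target, b"v2"))
```

Any name that lands in `failed` is a label the replacement file did not inherit, which is worth surfacing to the user rather than dropping silently.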



