Naming convention flames

Dax Kelson dax at gurulabs.com
Fri Apr 2 20:14:54 UTC 2004


On Fri, 2004-04-02 at 12:37, James Morris wrote:
> On Fri, 2 Apr 2004, Dax Kelson wrote:
> 
> > Speaking of which, how do SELinux file permissions interact with a
> > directory that has a default ACL applied?
> 
> SELinux only provides additional restrictions to existing DAC logic, so if
> the ACL says "ok", SELinux can still override it.  If the ACL says "no",
> access will be denied before SELinux is invoked.

Let me explain in more detail.

I can set a default ACL on a directory so that any new files/directories
created within that directory are writable by users joe, mike and sally
and the groups hr and sales in addition to the standard uid and gid of
the file (with permissions determined by the umask).

It's more flexible than that even. The additional users and groups can
each have unique permissions (rwx, r-x, rw-, etc).

That's pretty darn cool and makes it so that the user-private-group
scheme is no longer needed.

So how do the SELinux file contexts interact? 

I guess I should go grok all this so I can answer my own questions. :)

I have a couple projects to get done, then SELinux is next on the list.

Dax Kelson
Guru Labs
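
The ordering James Morris describes in the quoted reply, as an added example that is not part of the original thread: a simplified Python model in which the ACL-based DAC check runs first and SELinux is consulted only if DAC allows the request. The ACL dictionary layout, the user names bob and alice, the types user_t and hr_file_t, and the policy tuples are assumptions constructed for illustration; real decisions are made by the kernel.

```python
R, W, X = 4, 2, 1  # permission bits

def dac_allows(acl, user, groups, want):
    """POSIX.1e-style check: owner, named users, groups (masked), then other."""
    if user == acl["owner"]:
        return (acl["user_obj"] & want) == want
    if user in acl["users"]:  # named user entries are limited by the mask
        return (acl["users"][user] & acl["mask"] & want) == want
    matched = [acl["group_obj"]] if acl["group"] in groups else []
    matched += [p for g, p in acl["groups"].items() if g in groups]
    if matched:  # any matching group entry that grants the request is enough
        return any((p & acl["mask"] & want) == want for p in matched)
    return (acl["other"] & want) == want

def selinux_allows(policy, source_type, target_type, perm):
    """Type enforcement modelled as a set of explicit allow rules (default deny)."""
    return (source_type, target_type, "file", perm) in policy

def check_access(acl, policy, user, groups, source_type, target_type, want, perm):
    if not dac_allows(acl, user, groups, want):
        return "denied by DAC"      # SELinux is never consulted
    if not selinux_allows(policy, source_type, target_type, perm):
        return "denied by SELinux"  # the ACL said yes, SELinux still refuses
    return "allowed"

# Constructed sample: the access ACL a new file might inherit from a default ACL.
FILE_ACL = {
    "owner": "alice", "user_obj": R | W,
    "users": {"joe": R | W, "mike": R},
    "group": "alice", "group_obj": R,
    "groups": {"hr": R | W, "sales": R},
    "mask": R | W, "other": 0,
}
# Hypothetical policy: user_t may read hr_file_t files; there is no write rule.
POLICY = {("user_t", "hr_file_t", "file", "read")}

def demo():
    args = (FILE_ACL, POLICY)
    return [
        check_access(*args, "joe", {"joe"}, "user_t", "hr_file_t", R, "read"),
        check_access(*args, "joe", {"joe"}, "user_t", "hr_file_t", W, "write"),
        check_access(*args, "mike", {"mike"}, "user_t", "hr_file_t", W, "write"),
        check_access(*args, "bob", {"bob"}, "user_t", "hr_file_t", R, "read"),
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second case is the one the reply is about: the ACL grants joe write access, yet the request fails because no SELinux allow rule covers it.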



