Naming convention flames
Stephen Smalley
sds at epoch.ncsc.mil
Fri Apr 2 20:44:19 UTC 2004
On Fri, 2004-04-02 at 15:14, Dax Kelson wrote:
> So how do the SELinux file contexts interact?
The policy specifies rules for labeling new files based on:
- the context of the creating process,
- the context of the parent directory,
- the kind of file (e.g. regular, directory, symlink, device,...).
By default (in the absence of any matching rule in the policy), there is
a standard manner in which the context is computed from the creating
process context and parent directory context.
The allowed accesses between a given process context and a given file
context are explicitly defined via an access matrix, specified via the
policy.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list