[idea] udev + selinux

Luke Kenneth Casson Leighton lkcl at lkcl.net
Tue Aug 31 20:02:10 UTC 2004


On Tue, Aug 31, 2004 at 03:26:43PM -0400, Stephen Smalley wrote:
> On Tue, 2004-08-31 at 15:18, Luke Kenneth Casson Leighton wrote:
> >  i think we need the input of more experienced people than us to
> >  say why these associate things are needed.
> 
> It provides control over the set of files that can live in a given
> filesystem, based on their security types (equivalence classes).  As you
> are now creating device types in a different filesystem type, further
> allow rules are needed to allow that association.
> 
> >  a correct implementation of the
> >  hacked-together-relaxed-fscontext-hooks.c-patch results in an atomic
> >  operation (mount with a new context which would otherwise need to be
> >  achieved with two commands: mount followed by restorecon)
> 
> The more important issue is that fscontext= lets you set the superblock
> security context, not just the root directory context.  restorecon can't
> do that.
 
 ah.

 thanks for clarifying, stephen.

 l.
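
An added example, not code from this thread or from the SELinux project: a small checker for the `filesystem associate` rule Stephen describes, where the source is the file's type and the target is the filesystem's (superblock) type. The type names and the sample policy are constructed assumptions, and attributes or macros in a real policy are not expanded.

```python
import re

# Constructed sample policy; the type names (device_t, tmpfs_t, ...) are
# assumptions for illustration and are not taken from the thread.
SAMPLE_POLICY = """
allow device_t tmpfs_t:filesystem associate;
allow { tty_device_t null_device_t } tmpfs_t:filesystem associate;
allow fixed_disk_device_t device_t:filesystem associate;
allow udev_t tmpfs_t:filesystem { mount getattr };
"""

# allow <source> <target>:<class> <perms>;  each field may be a { ... } set
RULE = re.compile(
    r"allow\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|\S+)\s*:\s*"
    r"(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^;\s]+)\s*;")

def _names(tok):
    """Split 'foo_t' or '{ foo_t bar_t }' into a set of names."""
    return set(tok.strip("{} ").split())

def associate_pairs(policy_text):
    """Return {(file_type, fs_type)} pairs granted filesystem:associate."""
    pairs = set()
    for src, tgt, cls, perms in RULE.findall(policy_text):
        if "filesystem" in _names(cls) and "associate" in _names(perms):
            pairs |= {(s, t) for s in _names(src) for t in _names(tgt)}
    return pairs

def missing_associate(policy_text, fs_type, file_types):
    """File types that may not live in a filesystem labelled fs_type."""
    allowed = associate_pairs(policy_text)
    return sorted(t for t in set(file_types) if (t, fs_type) not in allowed)

if __name__ == "__main__":
    # Device node labels we want to create under a tmpfs-backed /dev (constructed).
    labels = ["device_t", "tty_device_t", "null_device_t", "fixed_disk_device_t"]
    for t in missing_associate(SAMPLE_POLICY, "tmpfs_t", labels):
        # Print the further allow rule that would be needed.
        print(f"allow {t} tmpfs_t:filesystem associate;")
```

The `fscontext=` point is separate: the target type checked here is the superblock's label, which is set at mount time and which relabelling the root directory does not change.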



More information about the fedora-selinux-list mailing list