[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Added is_context_configurable function

To: Colin Walters <walters@xxxxxxxxxx>
Subject: Re: Added is_context_configurable function
From: Stephen Smalley <sds@xxxxxxxxxxxxxx>
Date: Wed, 12 Jan 2005 17:09:03 -0500
Cc: Daniel J Walsh <dwalsh@xxxxxxxxxx>, SELinux <SELinux@xxxxxxxxxxxxx>
In-reply-to: <1105544883.10150.17.camel@xxxxxxxxxxxxxxxxxxxx>
Organization: National Security Agency
References: <41E2FEF4.5070604@xxxxxxxxxx> <1105456934.20566.52.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <41E3FAF4.2060109@xxxxxxxxxx> <1105473610.20566.123.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1105481440.24748.22.camel@xxxxxxxxxxxxxxxxxxxx> <1105539555.22495.28.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1105544883.10150.17.camel@xxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Wed, 2005-01-12 at 10:48, Colin Walters wrote:
> Actually, thinking about this a bit: probably not.  On my system I have
> several times changed the SELinux user identity component of file
> contexts from the default system_u to e.g. foo_u.  The reason is that
> the constraints prevent a user from relabeling a file unless the SELinux
> user matches.  So a list of alternate types would not be sufficient in
> this case.
<snip>
> It seems the SELinux uid, for one.  Also perhaps whether or not the
> pathname is part of the standard filesystem.  There seems to me to be a
> difference between a very well known file such as /etc/shadow being
> mislabeled according to file_contexts versus an unknown path such
> as /apps/web/blah.

Ok, so I take this to mean that I should await a new patchset from Dan
that supports this more general way of specifying customizable contexts
based on a combination of type, user identity, and file location.  Yes?

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Added is_context_configurable function
  - From: Colin Walters
- Re: Added is_context_configurable function
  - From: Daniel J Walsh

References:
- Added is_context_configurable function
  - From: Daniel J Walsh
- Re: Added is_context_configurable function
  - From: Stephen Smalley
- Re: Added is_context_configurable function
  - From: Daniel J Walsh
- Re: Added is_context_configurable function
  - From: Stephen Smalley
- Re: Added is_context_configurable function
  - From: Colin Walters
- Re: Added is_context_configurable function
  - From: Stephen Smalley
- Re: Added is_context_configurable function
  - From: Colin Walters

Prev by Date: Re: root and change of passwords
Next by Date: Re: [patch] allow users of tmp_domain to read /usr/tmp
Previous by thread: Re: Added is_context_configurable function
Next by thread: Re: Added is_context_configurable function
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.