[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dynamic context transitions
On Tue, Feb 15, 2005 at 04:21:20PM -0600, Darrel Goeddel wrote:
> Luke Kenneth Casson Leighton wrote:
> >stephen,
> >
> >i assume it _is_ necessary to perform dynamic auto transitions?
> >
> >such that i can track to alternative contexts, yes?
> >
>
> Could you explain what you mean by "dynamic auto transitions"? An auto
> transition is a policy defined transition upon exec. The dynamic
> transitions (setcon) are done programatically.
yes, and they're absolutely awful.
as explained in a message which has crossed with this one
and outlines some pseudo-code in which a security context is
HARD-CODED into the program.
plus a patch which _implements_ "dynamic auto transitions".
so i'm hoping that my other message will cover this question,
which you should receive in the next few mins.
l.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.