[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: file_type_auto_trans is not sufficient
On Tue, 2005-05-31 at 22:21 +0100, Luke Kenneth Casson Leighton wrote:
> thinking "sideways" again - as i am wont to do.
>
> how about... a "sideways" solution to this - at the kernel level?
>
> a "silent" redirection / remount, on a per-application basis?
>
> no, i'm not joking.
>
> an option to "mount" which allows a specific APPLICATION (or group of
> applications) to have any files/directories it creates/accesses in a
> subdirectory ACTUALLY occur ELSEWHERE.
That's polyinstantiated directories. See Chad Seller's postings.
However, it uses the kernel's existing support for per-process
namespaces and bind mounts rather than anything new in the kernel.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.