[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: file contexts and modularity

To: Janak Desai <janak@xxxxxxxxxx>
Subject: Re: file contexts and modularity
From: Ivan Gyurdiev <gyurdiev@xxxxxxxxxx>
Date: Wed, 29 Jun 2005 16:43:59 -0400
Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>, Karl MacMillan <kmacmillan@xxxxxxxxxx>, selinux@xxxxxxxxxxxxx, "'Daniel J Walsh'" <dwalsh@xxxxxxxxxx>
In-reply-to: <42C302F9.4080901@xxxxxxxxxx>
Organization: Red Hat Inc.
References: <200506291905.j5TJ4r7f019262@xxxxxxxxxxxxxxxxxxxxxxxxxx> <1120073041.20484.70.camel@xxxxxxxxxxxxxxxxxxxxxxxxx> <1120074657.3553.217.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1120075381.20484.75.camel@xxxxxxxxxxxxxxxxxxxxxxxxx> <42C302F9.4080901@xxxxxxxxxx>
Reply-to: gyurdiev@xxxxxxxxxx
Sender: owner-selinux@xxxxxxxxxxxxx

> Subdirectory context is obtained from the policy
> using security_compute_member() call. 

int security_compute_member(security_context_t scon,
                            security_context_t tcon,
                            security_class_t tclass,
                            security_context_t *newcon)

So, it seems to me that
this is insufficient basis to determine proper newcon - 
file_type_auto_trans doesn't work for the same reason.

(scon, tcon, tclass) -> newcon 

is a 1:many map, and not 1:1.

So...how will pre-creation work if the file_contexts.homedirs
file is erased (the only many:1 map available, 
which becomes 1:1 given evaluation order).


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: file contexts and modularity
  - From: Ivan Gyurdiev
- Re: file contexts and modularity
  - From: Stephen Smalley

References:
- RE: file contexts and modularity
  - From: Karl MacMillan
- RE: file contexts and modularity
  - From: Ivan Gyurdiev
- RE: file contexts and modularity
  - From: Stephen Smalley
- RE: file contexts and modularity
  - From: Ivan Gyurdiev
- Re: file contexts and modularity
  - From: Janak Desai

Prev by Date: RE: file contexts and modularity
Next by Date: Re: file contexts and modularity
Previous by thread: Re: file contexts and modularity
Next by thread: Re: file contexts and modularity
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.