Re: I would like to change the behavior of MCS label creations in directory.

From: Guido Trentalancia <guido_at_nospam>
Date: Thu Sep 22 2011 - 20:13:30 GMT
To: Daniel J Walsh <dwalsh@redhat.com>

On Thu, 2011-09-22 at 15:53 -0400, Daniel J Walsh wrote:
> Currently if I create a directory labeled
>
> etc_t:s0:c1
>
> And with a process running as unconfined_t:s0-s0:c0.c1023 create a
> file within the directory, the file gets created with the label
> etc_t:s0. I would like to change the behavior to creating the file
> as etc_t:s0:c1.
>
> That way an administrator could modify files within a sandbox and have
> the files be labeled correctly.
>
> I believe this behavior differs from MLS but believe this would be
> what the admin expects.
>
> Is changing this a kernel or policy issue?

Should be a kernel issue. Sounds interesting.

Regards,

Guido

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

This message: [ Message body ]
Next message: Guido Trentalancia: "[PATCH] Indentation error for Python module seobject (fix typo)"
Previous message: Daniel J Walsh: "I would like to change the behavior of MCS label creations in directory."
In reply to: Daniel J Walsh: "I would like to change the behavior of MCS label creations in directory."
Next in thread: Stephen Smalley: "Re: I would like to change the behavior of MCS label creations in directory."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]