Stephen Smalley <s...@tycho.nsa.gov> wrote: > Almost want to be able to compute a transition label for the ecryptfs > inodes from the lower inode label so that it can be derived from but > potentially different from the lower inode label. That way policy could > maintain per-file distinctions within an ecryptfs mount and distinguish > between access to the encrypted vs plaintext representations.
Yeah. What we want is something like: lower-inode-label + proposed-upper-label + subject-label -> inode-label By proposed-upper-label I mean the default label for a new inode at that the point in the directory tree at which the copy up will take place. David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
