On Wed, Dec 08, 2010 at 02:45:27PM -0500, Eric Paris wrote:
SELinux would like to implement a new labeling behavior of newly created
inodes. We currently label new inodes based on the parent and the creating
process. This new behavior would also take into account the name of the
new object
Eric == Eric Paris epa...@redhat.com writes:
Eric SELinux would like to implement a new labeling behavior of newly
Eric created inodes. We currently label new inodes based on the
Eric parent and the creating process. This new behavior would also
Eric take into account the name of the new
On Thu, 2010-12-09 at 10:05 -0500, John Stoffel wrote:
Eric == Eric Paris epa...@redhat.com writes:
So what happens when I create a file /home/john/shadow, does selinux
(or LSM in general) then run extra checks because the filename is
'shadow' in your model?
It's entirely a question of
Quoting John Stoffel (j...@stoffel.org):
Eric == Eric Paris epa...@redhat.com writes:
Eric SELinux would like to implement a new labeling behavior of newly
Eric created inodes. We currently label new inodes based on the
Eric parent and the creating process. This new behavior would also
Eric == Eric Paris epa...@redhat.com writes:
Eric On Thu, 2010-12-09 at 10:05 -0500, John Stoffel wrote:
Eric == Eric Paris epa...@redhat.com writes:
So what happens when I create a file /home/john/shadow, does selinux
(or LSM in general) then run extra checks because the filename is
On Thu, 2010-12-09 at 12:48 -0500, John Stoffel wrote:
Eric == Eric Paris epa...@redhat.com writes:
Eric On Thu, 2010-12-09 at 10:05 -0500, John Stoffel wrote:
Eric == Eric Paris epa...@redhat.com writes:
Eric This patch adds a 4th piece of information, the name of the
Eric object
