Andrew Morgan,
>> I'll post the patch of setfcaps/getfcap for his tree.
>> I believe it is better way to maintain.
>>
>> Thanks,
The following patch to libcap enables to display file capabilities
recursively on the enumerated directories when -r is specified.
In addition, some other features are
On Fri, 9 Nov 2007, Paul Moore wrote:
> + /* Between selinux_compat_net and selinux_policycap_netpeer this is
> + * starting to get a bit messy - we need to setup a timetable for
> + * deprecating some of this old/obsolete functionality so we can
> + * reclaim some level of sani
On Fri, 9 Nov 2007, Paul Moore wrote:
> Add additional Flask definitions to support the new "peer" object class.
Should this be dependent on dynamic class/permission support?
Or, will these checks only be invoked if labled networking is configured?
--
James Morris
<[EMAIL PROTECTED]>
-
To uns
Hi Pavel,
On Nov 11, 2007 2:44 PM, Pavel Machek <[EMAIL PROTECTED]> wrote:
> Hi!
>
> > > A Smack Rule in an "egrep" format is:
> > >
> > > "^[:space:]*Subject[:space:]+Object[:space:]+[rwxaRWXA-]+[:space:]*\n"
>
> Perhaps you should make it space, not 'space or tab', and only allow
> lowercase per
Hi!
> > A Smack Rule in an "egrep" format is:
> >
> > "^[:space:]*Subject[:space:]+Object[:space:]+[rwxaRWXA-]+[:space:]*\n"
Perhaps you should make it space, not 'space or tab', and only allow
lowercase permissions? That way, parser will be slightly simpler, and
you'll still have a chance to us
On Sat, November 10, 2007 22:04, Andi Kleen wrote:
> Crispin Cowan <[EMAIL PROTECTED]> writes:
>
> The document should be a good base for a merge.
>
>> * A confined process can operate on a file descriptor passed to it
>> by an unconfined process, even if it manipulates a file not in the