From: Dale Amon <amon@vnl.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Russell Coker <russell@coker.com.au>, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: setfiles and non-SE systems
Date: Mon, 1 Dec 2003 19:14:56 +0000 [thread overview]
Message-ID: <20031201191456.GO11972@vnl.com> (raw)
In-Reply-To: <1070289743.12270.91.camel@moss-spartans.epoch.ncsc.mil>
On Mon, Dec 01, 2003 at 09:42:23AM -0500, Stephen Smalley wrote:
> Right, if the xattr handlers for the security namespace were added to
> the EA/ACL patches, then you could assign the security.selinux
> attributes on a kernel with only those patches. However:
> - that still requires a patched kernel (unless those patches
> get upstreamed to mainline 2.4)
> - If you are going to build a patched kernel, then you might as
> well build a SELinux kernel and just boot with selinux=0 to perform the
> initial labeling. Same end result, a kernel that has the xattr handler
> but isn't running SELinux.
Point taken. I probably could live with that...
Question though: I take it that all that is needed is
the EA/ACL security attributes. Like the handler
I did for reiserfs I take it?
Anyway Steve, thanks for the ideas. I'm going to go
off and look into approaches based on the above and
see if it works out for me.
--
------------------------------------------------------
Dale Amon amon@islandone.org +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2003-12-01 19:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-01 10:02 setfiles and non-SE systems Russell Coker
2003-12-01 14:42 ` Stephen Smalley
2003-12-01 19:14 ` Dale Amon [this message]
2003-12-01 19:23 ` Stephen Smalley
2003-12-02 0:43 ` Dale Amon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20031201191456.GO11972@vnl.com \
--to=amon@vnl.com \
--cc=russell@coker.com.au \
--cc=sds@epoch.ncsc.mil \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.