From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@epoch.ncsc.mil>
Cc: Colin Walters <walters@redhat.com>, SELinux <SELinux@tycho.nsa.gov>
Subject: Re: Added is_context_configurable function
Date: Thu, 13 Jan 2005 09:57:46 -0500 [thread overview]
Message-ID: <41E68C6A.8070004@redhat.com> (raw)
In-Reply-To: <1105567743.23136.59.camel@moss-spartans.epoch.ncsc.mil>
Stephen Smalley wrote:
>On Wed, 2005-01-12 at 10:48, Colin Walters wrote:
>
>
>>Actually, thinking about this a bit: probably not. On my system I have
>>several times changed the SELinux user identity component of file
>>contexts from the default system_u to e.g. foo_u. The reason is that
>>the constraints prevent a user from relabeling a file unless the SELinux
>>user matches. So a list of alternate types would not be sufficient in
>>this case.
>>
>>
><snip>
>
>
>>It seems the SELinux uid, for one. Also perhaps whether or not the
>>pathname is part of the standard filesystem. There seems to me to be a
>>difference between a very well known file such as /etc/shadow being
>>mislabeled according to file_contexts versus an unknown path such
>>as /apps/web/blah.
>>
>>
>
>Ok, so I take this to mean that I should await a new patchset from Dan
>that supports this more general way of specifying customizable contexts
>based on a combination of type, user identity, and file location. Yes?
>
>
>
No. I gave a patch to handle user customizable file_context
(file_context.local) which will sort of do this.
Restorecon/setfiles currently modify the user section of the
file_context which should stop unless you specify a -F
this would preserve the functionality that Colin wants.
Dan
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2005-01-13 14:57 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-10 22:17 Added is_context_configurable function Daniel J Walsh
2005-01-11 15:22 ` Stephen Smalley
2005-01-11 16:12 ` Daniel J Walsh
2005-01-11 20:00 ` Stephen Smalley
2005-01-11 20:31 ` Daniel J Walsh
2005-01-11 20:35 ` Stephen Smalley
2005-01-11 20:58 ` Daniel J Walsh
2005-01-11 22:25 ` Colin Walters
2005-01-11 22:10 ` Colin Walters
2005-01-12 0:19 ` Casey Schaufler
2005-01-12 14:19 ` Stephen Smalley
2005-01-12 14:44 ` Daniel J Walsh
2005-01-12 15:37 ` Daniel J Walsh
2005-01-20 15:29 ` Stephen Smalley
2005-01-12 15:39 ` Daniel J Walsh
2005-01-20 15:32 ` Stephen Smalley
2005-01-12 15:48 ` Colin Walters
2005-01-12 22:09 ` Stephen Smalley
2005-01-13 3:52 ` Colin Walters
2005-01-13 14:55 ` Daniel J Walsh
2005-01-13 15:53 ` Colin Walters
2005-01-13 16:01 ` Daniel J Walsh
2005-01-13 14:57 ` Daniel J Walsh [this message]
2005-01-12 18:19 ` Luke Kenneth Casson Leighton
2005-01-12 18:15 ` Colin Walters
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=41E68C6A.8070004@redhat.com \
--to=dwalsh@redhat.com \
--cc=SELinux@tycho.nsa.gov \
--cc=sds@epoch.ncsc.mil \
--cc=walters@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.