From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Darrel Goeddel <dgoeddel@TrustedCS.com>,
	James Morris <jmorris@redhat.com>,
	SELinux <SELinux@tycho.nsa.gov>
Subject: Re: Problems with MCS/Targeted policy update.
Date: Fri, 26 Aug 2005 14:50:28 -0400
Message-ID: <430F6474.1040802@redhat.com>
In-Reply-To: <1125080692.8692.82.camel@moss-spartans.epoch.ncsc.mil>

Stephen Smalley wrote:

>On Fri, 2005-08-26 at 14:16 -0400, Daniel J Walsh wrote:
>
>>Basically this patch checks to see if
>>mls and translation is enabled and the *getfilecon_raw returns a context 
>>without a level, it calls the untranslate function to try to get a 
>>level, with MCS this will get you a s0.  So we could put back the raw 
>>calls in rpm_execcon.
>>
>>So we could have most contexts on disk without the s0 and the getfilecon 
>>raw call will return it.
>
>Umm....I really don't think we want to do this.
>
>If you want to transparently insert and remove a default MLS level in your
>libsetrans, that is fine.  But I don't want this in libselinux.
>
>I think we need to change the kernel to setxattr the on-disk xattr to be
>consistent with the incore inode security label in these cases, which
>will also solve the problem for us (once that is upstreamed).

Ok then I think the security_context_to_sid functions in the kernel need 
to change to do the translation.

Dan
