Re: Add glob support for restorecond

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joshua Brindle <method@manicmethod.com>
To: Daniel J Walsh <dwalsh@redhat.com>
Cc: SE Linux <selinux@tycho.nsa.gov>
Subject: Re: Add glob support for restorecond
Date: Fri, 12 Sep 2008 09:59:13 -0400	[thread overview]
Message-ID: <48CA75B1.1020605@manicmethod.com> (raw)
In-Reply-To: <48C57717.7080903@redhat.com>

Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I have added supported for GLOB expressions in restorecond.  In order to
> get nsplugin to work well, you need all of the contents of the homedir
> labeled correctly.  Unfortunately gnome creates directories at a fairly
> random pace.  FCFS.  So it is very difficult to get transitions to
> happen properly.  As a tradeoff, we can use restorecond to watch the
> homedir and relabel the directory when it is created.  I know this is a
> potential race condition. where some of the files created in the
> directory will still have the wrong context, but I don't know of a
> better solution.
> 
> Telling everyone they need to restorcon -R -v ~ is not a great solution.
>  If you are worried about information flow you should never rely on
> restorecond.
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkjFdxcACgkQrlYvE4MpobPtjACg3uyqaHD78FRxdaG5mfitnoB/
> lh0AnjvfDC2vmCWisxzWq2qFsZMMu3XK
> =JiG7
> -----END PGP SIGNATURE-----
> 

Merged in policycoreutils 2.0.56

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

     prev parent reply	other threads:[~2008-09-12 13:59 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-09-08 19:03 Add glob support for restorecond Daniel J Walsh
2008-09-12 13:59 ` Joshua Brindle [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=48CA75B1.1020605@manicmethod.com \
    --to=method@manicmethod.com \
    --cc=dwalsh@redhat.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.