* The use of fscontext(iso9660_t)
From: dE @ 2014-05-26  6:18 UTC (permalink / raw)
  To: selinux

The obvious point of a type value for a certain FS is to restrict 
programs from doing things which are not allowed on that FS.

iso9660/UDF etc... is a RO FS. So writing on it should not be allowed. 
But I can write to files having this security context.

So what's the utility of, at least iso9660_t?


* Re: The use of fscontext(iso9660_t)
From: Christopher J. PeBenito @ 2014-05-27 12:48 UTC (permalink / raw)
  To: dE, selinux

On 05/26/2014 02:18 AM, dE wrote:
> The obvious point of a type value for a certain FS is to restrict programs from doing things which are not allowed on that FS.
> 
> iso9660/UDF etc... is a RO FS. So writing on it should not be allowed. But I can write to files having this security context.
> 
> So what's the utility of, at least iso9660_t?

Questions about Reference Policy should be asked on its list.

The purpose of iso9660_t is to provide a separate type for that media, not to reinforce the fact that the disks are read-only by policy.  By being a file type, certain domains can write to it since they can write to all file types.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
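
Added example (not part of the original thread and not Reference Policy code): a small Python resolver showing how an allow rule written against an attribute reaches iso9660_t without ever naming it, which is the effect the reply describes. The rules, the `*_example*` names and the attribute membership are constructed for illustration; `file_type` is used here as the attribute covering all file types.

```python
import re

# Constructed attribute membership. iso9660_t is a member of file_type
# because it is declared as a file type; the other names are hypothetical.
ATTRIBUTES = {
    "file_type": {"iso9660_t", "etc_t", "user_home_t"},
    "unconfined_example": {"shell_example_t"},
}

# Constructed allow rules in the "allow SRC TGT:CLASS { perms };" form.
RULES = """
allow admin_example_t file_type:file { read write create unlink };
allow viewer_example_t iso9660_t:file { read getattr open };
allow backup_example_t file_type:file { read getattr };
allow mounter_example_t iso9660_t:filesystem { mount unmount };
allow unconfined_example file_type:file { read write };
"""

# Only the braced permission-set form is parsed here.
RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+\{([^}]*)\}\s*;")


def expand(name, attrs):
    """Return the types a rule field covers: attribute members, or the type itself."""
    return attrs.get(name, {name})


def who_can(perm, target, tclass, rules=RULES, attrs=ATTRIBUTES):
    """Map each domain granted `perm` on `target` to the rule targets granting it."""
    found = {}
    for src, tgt, cls, perms in RULE_RE.findall(rules):
        if cls != tclass or perm not in perms.split():
            continue
        if target not in expand(tgt, attrs):
            continue
        for domain in sorted(expand(src, attrs)):
            found.setdefault(domain, []).append(tgt)
    return found


if __name__ == "__main__":
    for domain, via in who_can("write", "iso9660_t", "file").items():
        print(f"{domain} may write iso9660_t files via rule target(s): {via}")
```

In the sample, every write grant on iso9660_t arrives through `file_type`; the only rule that names iso9660_t for class `file` grants read access.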