From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 14 Aug 2007 08:53:39 -0700 (PDT)
From: Casey Schaufler
Reply-To: casey@schaufler-ca.com
Subject: Re: [PATCH 00/16] Permit filesystem local caching [try #3]
To: David Howells, casey@schaufler-ca.com
Cc: dhowells@redhat.com, Stephen Smalley, torvalds@osdl.org, akpm@osdl.org, steved@redhat.com, trond.myklebust@fys.uio.no, linux-fsdevel@vger.kernel.org, linux-cachefs@redhat.com, nfsv4@linux-nfs.org, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, LSM List
In-Reply-To: <1079.1187084397@redhat.com>
Message-ID: <861956.50630.qm@web36613.mail.mud.yahoo.com>
List-Id: selinux@tycho.nsa.gov

--- David Howells wrote:

> Casey Schaufler wrote:
>
> > With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE,
> > do your business of setting the label correctly, and then drop
> > the capability. No new hooks required.
>
> That sounds like a contradiction. How can you both leave it alone and set
> it?

Whoops, sorry. You leave the process label alone and explicitly
set the file label using the xattr interfaces.

Casey Schaufler
casey@schaufler-ca.com
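The sequence described in the message above (process label untouched, capability raised only around the xattr call, then dropped), as an added example that is not code from the thread or from Smack. The function names are hypothetical, `security.SMACK64` is the Smack label xattr, and the capability is a parameter: the message names CAP_MAC_OVERRIDE, and which capability a given kernel checks for this xattr is an assumption to confirm on the target system.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/xattr.h>
#include <linux/capability.h>

/* Read (set=0) or write (set=1) this process's capability sets via the raw syscalls. */
static int caps(struct __user_cap_data_struct d[2], int set) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(set ? SYS_capset : SYS_capget, &h, d);
}

/* Turn one capability on or off in the effective set only (permitted stays as is). */
int cap_effective(int cap, int on) {
    struct __user_cap_data_struct d[2];
    if (caps(d, 0) != 0) return -1;
    __u32 bit = 1u << (cap % 32);
    if (on) d[cap / 32].effective |= bit;
    else    d[cap / 32].effective &= ~bit;
    return caps(d, 1);
}

/* 1 if cap is currently effective, 0 if not, -1 if the sets cannot be read. */
int cap_is_effective(int cap) {
    struct __user_cap_data_struct d[2];
    if (caps(d, 0) != 0) return -1;
    return (int)((d[cap / 32].effective >> (cap % 32)) & 1);
}

/* Set the file's Smack label through the xattr interface, with cap effective
 * only for the duration of the setxattr() call. The process label is never
 * changed. Returns 0 or -errno; cap is always dropped before returning. */
int smack_label_file(const char *path, const char *label, int cap) {
    if (cap_effective(cap, 1) != 0) return -errno;  /* e.g. cap not in permitted set */
    int rc = setxattr(path, "security.SMACK64", label, strlen(label), 0) ? -errno : 0;
    if (cap_effective(cap, 0) != 0) _exit(1);       /* never continue with it raised */
    return rc;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s FILE LABEL\n", argv[0]); return 2; }
    int rc = smack_label_file(argv[1], argv[2], CAP_MAC_OVERRIDE);
    if (rc) fprintf(stderr, "label not set: %s\n", strerror(-rc));
    return rc ? 1 : 0;
}
```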