Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: I am concerned about putting genhomedircon changes in libsemanage into Fedora 8.
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Wed, 26 Sep 2007 10:52:31 -0400
i.e. sepol_set_policydb_from_file() on the policy, and then sepol_check_context() on the contexts, as is done by setfiles -c.
> This would work, it would just take extra time at module load time. It I think the problem is that the templating mechanism isn't sufficiently flexible; the per-role contexts aren't necessarily valid for all cases. In any event, this is a regression between the old genhomedircon and the libsemanage reimplementation and should have been called out as a change in behavior in the patch set, even if the old behavior was flawed. So I guess Dan needs to stay with the old genhomedircon and libsemanage for Fedora 8. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 26 Sep 2007 - 11:01:10 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |