On Mon, Mar 28, 2005 at 01:23:39PM -0500, Stephen Smalley wrote:
> On Mon, 2005-03-28 at 19:27 +0100, Luke Kenneth Casson Leighton wrote:
> > ... question: in what ways do you ensure that a security-aware
> > compromised program is only allowed to create certain filetypes?
>
> In the same manner as with a security-unaware program; the domain must
> be allowed create permission to the file type via an allow rule.
 

 ... there's nothing special needed? ...  

 oh - yes, i get it. create filetype.
 nothing to do with file_type_auto_trans itself.

 l.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.