SELinux Mailing List
Re: Handling labeling on filesystems that don't support SELinux
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 17 Nov 2008 10:26:45 -0500

> I have been waiting for some one else to respond to this. I think this

You'd want to distinguish EOPNOTSUPP from other errors in that case. But note that this won't catch certain filesystems (like the vfat example he gave), as changing the in-core context of a file labeled via genfscon rules is supported presently. We could possibly change that to also return EOPNOTSUPP.

The problem with using getfilecon() to probe for support is that SELinux always assigns some security context to each file for access control purposes, even if the underlying filesystem doesn't support storage. If we had separate getfilecon() vs. getxattr() kernel interface ala FreeBSD, applications could test for support for storage separately, but that isn't the case and is unlikely to change.

--
Stephen Smalley
National Security Agency

Received on Mon 17 Nov 2008 - 10:28:14 EST
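
The error handling discussed in the message above, as an added example that is not part of the original post or of libselinux: a label-set attempt that treats EOPNOTSUPP as "this filesystem cannot store labels" and every other errno as a real failure. The function names and the `label_result` enum are hypothetical, and the code assumes the raw `lsetxattr()` call on the `security.selinux` attribute instead of a libselinux wrapper. As the message notes, a filesystem labeled via genfscon rules (the vfat case) accepts the in-core change, so it reports success here and not EOPNOTSUPP.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>

/* Hypothetical result codes for this example. */
enum label_result { LABEL_SET, LABEL_UNSUPPORTED, LABEL_FAILED };

/* Map the errno of a failed label-set to a result code.
 * Only EOPNOTSUPP means "labeling not supported here"; anything else
 * (EACCES, EPERM, EINVAL, ENOENT, ...) is a genuine error to report. */
static enum label_result classify_label_errno(int err)
{
    return err == EOPNOTSUPP ? LABEL_UNSUPPORTED : LABEL_FAILED;
}

/* Try to set the SELinux context on path without following symlinks.
 * *saved_errno receives 0 on success or the errno of the failure. */
enum label_result try_set_label(const char *path, const char *context,
                                int *saved_errno)
{
    /* The context is written with its terminating NUL. */
    if (lsetxattr(path, "security.selinux", context,
                  strlen(context) + 1, 0) == 0) {
        *saved_errno = 0;
        return LABEL_SET;
    }
    *saved_errno = errno;
    return classify_label_errno(*saved_errno);
}

int main(int argc, char **argv)
{
    int err;

    if (argc != 3) {
        fprintf(stderr, "usage: %s <path> <context>\n", argv[0]);
        return 2;
    }
    switch (try_set_label(argv[1], argv[2], &err)) {
    case LABEL_SET:
        printf("%s: label set (possibly in-core only)\n", argv[1]);
        return 0;
    case LABEL_UNSUPPORTED:
        printf("%s: labeling not supported, skipped\n", argv[1]);
        return 0;
    default:
        fprintf(stderr, "%s: %s\n", argv[1], strerror(err));
        return 1;
    }
}
```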
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009