SELinux Mailing List

Re: New to SELinux -- any suggestions?

From: Michael Graffam <michael.graffam_at_gmail.com>
Date: Sun, 29 Oct 2006 01:05:58 -0500


On Sun, 2006-10-29 at 15:01 +1000, Russell Coker wrote:
> On Sunday 29 October 2006 15:30, Michael Graffam <michael.graffam@gmail.com>
> wrote:
> > Thank you for the help. Can one AND/OR the contexts? Based on the above,
> > it would seem to me that if an executable violated two points of policy
> > it wouldn't be possible to 'bless' it -- since I'm sure this isn't the
> > case, I'm wondering how I might apply multiple contexts. Or am I still
> > out in left field here?
>
> I don't know what you mean by "bless" in this message.

By "bless" I meant "Allow it to run regardless." Or "Give it the blessing to misbehave."

> If however a file could have multiple types then such analysis would be
> impossible unless you also had rules determining which pairs of contexts
> might be applied to one file (in which case every permitted pair of contexts
> could be mapped to a single context in the current SE Linux system for the
> same result).

OK, that makes perfect sense. I had figured that multiple contexts would be allowed, to prevent the possible need of expanding the number of required 'base' contexts. But, I can certainly see your point about the difficulty of analyzing all possible combinations.

> > Whooo.. new ls fields too! Man, I feel like a kid again! This is
> > great! :) Having been using GNU/Linux for so long, I almost forgot how
> > fun it is to learn new stuff about it!
>
> There is also "id -Z", "ps -Z" and "cp -Z". There are also a few new
> commands, in addition to chcon there's runcon and newrole (which isn't being
> used so much nowadays) and there is semanage and getsebool/setsebool to
> manage it.

Thanks again for your help. Would you happen to know if there is a document somewhere which gives a general overview of the structure of the SELinux mechanisms, maybe with some details on the common contexts and so forth?

-M

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Sun 29 Oct 2006 - 01:07:00 EST
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service