Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Added is_context_configurable function
From: Colin Walters <walters_at_redhat.com>
Date: Wed, 12 Jan 2005 22:52:32 -0500
This is a complex issue, given we've been going back and forth on this for months now, with several proposed patches. The last time this came up in October, you posted a good message: http://marc.theaimsgroup.com/?l=selinux&m=109872521815476&w=2 You say:
> The file_contexts configuration and setfiles were only intended to And I couldn't agree more. If we can get to the point where we never (and I really mean never!) tell users to run "fixfiles relabel", I think a lot of these problems would essentially just go away. I brainstormed a bit in another message in this thread about how we can avoid it for policy upgrades, which I believe is the major cause. I'll follow up to that in a bit. Let's assume for now that we've successfully gotten rid of fixfiles (at least from the user's perspective; it may exist as an implementation detail). At that point, what problems remain? The problem of usercustomizable types like httpd_sys_script_ro_t in well-known areas such as /var/www being reset to httpd_sys_content_t goes away, because there is nothing to reset them. The problem of user-defined locations such as /web/mysite1 with type httpd_sys_content_t being reset to default_t goes away as well. Are there any other problems? -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Wed 12 Jan 2005 - 22:52:49 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |