Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Patch to policycoreutils
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Fri, 28 Jan 2005 14:51:53 -0500
Interesting idea, although textual diffs of file_contexts may not be adequate.
> diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.21.5/scripts/fixfiles We no longer need to have fixfiles deal with file_contexts.local with the latest version of setfiles, since setfiles is now using matchpathcon and matchpathcon will internally check it as well.
> +# Hmmm...I'm a bit concerned about the correctness and robustness of this filter pipeline, as well as with the notion of feeding restorecon from a temporary file. Can you explain the stages in the filter pipeline a bit? I think it would be preferable to make the temporary file in a directory with the same protections as the file_contexts configuration (i.e. /etc/selinux/${SELINUXTYPE}/contexts/files). -- Stephen Smalley <sds@tycho.nsa.gov> National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 28 Jan 2005 - 14:58:24 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |