On Mon, 2004-04-05 at 11:31, Shahms King wrote:
> So, what, exactly, does SELinux do in the absence of file context
> information?

Depends on what you mean; I'm assuming you mean filesystems without xattr support. In that case, SELinux has several methods of associating security contexts with files. The two important ones are the context= option for mount, and genfs.

> It seems to me that the "correct" behavior would be to
> ignore missing context information. Perhaps logging the fact that the
> file lacks context, but proceeding as if SELinux weren't installed.
> Yes, it's less secure, but it's also "the principle of least surprise."

At the kernel level, SELinux's philosophy is that anything not explicitly permitted by the policy is denied. A lot depends on that. However, the behavior you desire could be achieved at the policy level. A first really bad hack would be something like:

    rw_dir_create_file(domain,unlabeled_t)

A somewhat better way would be to define a new type that you use for shared data:

    type shared_data_t, file_type, sysadmfile;
    rw_dir_create_file(domain,shared_data_t);

And then add context=system_u:object_r:shared_data_t to your fstab options for /home. Not tested, but it will likely work. I don't think anything like this should be the default though :)

> Watching the mount messages at bootup, it also appears as though for
> EA-incapable filesystems SELinux will generate context information
> automatically, is it not possible to do this for files without the
> context info?

It depends on the filesystem type, your security policy, and the mount options, but - yes.

> And, more importantly, it lets me share data between my FC1 install
> and FC2 install as an ordinary user ;-P

I'm assuming the problem here is that you write the data from both, potentially losing xattrs?
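The reply above suggests two things: give xattr-incapable mounts an explicit label with the context= mount option, and define a dedicated type for the shared data instead of opening up unlabeled_t. The script below is an added example written for this page, not code from the thread or from any SELinux release. It scans /proc/mounts-style input for mounts of filesystem types that cannot carry security xattrs and have no context= option (so they fall back to genfs or unlabeled_t), validates a user:role:type context string in the non-MLS form the message uses, and emits the fstab line and the policy fragment from the message. The list of xattr-incapable filesystem types, the sample mount table, and the device names are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example for the SELinux context= discussion; not from the original
# message. NO_XATTR_FS and SAMPLE_MOUNTS are assumptions constructed here.

# Filesystem types assumed to lack security xattr support. Files on such a
# mount get a genfs label (or unlabeled_t) unless context= is supplied.
NO_XATTR_FS="vfat msdos iso9660 udf"

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/hda2 / ext3 rw 0 0
/dev/hda3 /home ext3 rw,context=system_u:object_r:shared_data_t 0 0
/dev/hda1 /mnt/win vfat rw,uid=500 0 0
/dev/hdc /mnt/cdrom iso9660 ro,context=system_u:object_r:removable_t 0 0
/dev/sda1 /mnt/usb vfat rw 0 0'

# Return 0 if the filesystem type is in NO_XATTR_FS.
fs_lacks_xattr() {
    for t in $NO_XATTR_FS; do
        [ "$1" = "$t" ] && return 0
    done
    return 1
}

# Return 0 if the comma-separated mount options include a context= option.
# Surrounding commas keep fscontext= and defcontext= from matching.
has_context_opt() {
    case ",$1," in
        *,context=*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read /proc/mounts-formatted text on stdin; print "mountpoint fstype" for
# every xattr-incapable mount that has no context= option.
mounts_needing_context() {
    while read -r dev mnt fstype opts rest; do
        [ -z "$dev" ] && continue
        if fs_lacks_xattr "$fstype" && ! has_context_opt "$opts"; then
            printf '%s %s\n' "$mnt" "$fstype"
        fi
    done
}

# Accept exactly three non-empty colon-separated fields (user:role:type),
# the non-MLS context form used in the message; anything else is rejected.
valid_context() {
    old_ifs=$IFS
    IFS=:
    set -- $1
    IFS=$old_ifs
    [ $# -eq 3 ] && [ -n "$1" ] && [ -n "$2" ] && [ -n "$3" ]
}

# Build the fstab entry the message suggests: defaults plus context=.
# Usage: fstab_context_entry DEVICE MOUNTPOINT FSTYPE CONTEXT
fstab_context_entry() {
    valid_context "$4" || { echo "bad context: $4" >&2; return 1; }
    printf '%s %s %s defaults,context=%s 0 2\n' "$1" "$2" "$3" "$4"
}

# Emit the policy fragment from the message (old example-policy macro
# syntax), with $1 as the domain that gets access to the shared data.
shared_data_te() {
    printf 'type shared_data_t, file_type, sysadmfile;\nrw_dir_create_file(%s,shared_data_t);\n' "$1"
}

# Stand-alone run: report unlabeled mounts, then show the fix for one of them.
printf '%s\n' "$SAMPLE_MOUNTS" | mounts_needing_context
fstab_context_entry /dev/sda1 /mnt/usb vfat system_u:object_r:shared_data_t
shared_data_te user_t
```

Run it against a real host with `cat /proc/mounts | sh -c '. ./mounts.sh; mounts_needing_context'` after removing the stand-alone calls at the bottom; any line it prints is a mount whose files will be labeled by genfs or as unlabeled_t rather than by a context= you chose.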