On Thu January 24 2008, Chuck Anderson wrote: > What do you do if the outside namespace wants to label a file > differently than the inner namespace? Create separate namespaces for > the on-disk xattrs? Yes, this is what I meant with different namespaces, seperate namespaces for the xattrs within the filesystem should be used. Maybe specifying the namespace for the labels of the inner selinux should be an option for chroot then. And it should be the normal situation that the labels differ, because the outside policy should more or less allow everthing for stuff inside the chroot directory, but the inside policy would enforce more restrictions. Regards, Till
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
