On Fri, 2004-04-02 at 15:14, Dax Kelson wrote:
> So how do the SELinux file contexts interact?

The policy specifies rules for labeling new files based on:
- the context of the creating process,
- the context of the parent directory,
- the kind of file (e.g. regular, directory, symlink, device, ...).

By default (in the absence of any matching rule in the policy), there is a standard manner in which the context is computed from the creating process context and parent directory context.

The allowed accesses between a given process context and a given file context are explicitly defined via an access matrix, specified via the policy.

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
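
An added example, not part of the original message: a toy Python model of the labeling and access decisions described above. The type names and rules are constructed for illustration, and the default shown (user from the creating process, role `object_r`, type from the parent directory) is the standard SELinux behavior with the MLS level left out.

```python
# Toy model of SELinux new-file labeling and access checks (not real policy).
# All types and rules below are constructed for illustration.

# Labeling rules: (creating process type, parent dir type, class) -> new type
TYPE_TRANSITIONS = {
    ("httpd_t", "tmp_t", "file"): "httpd_tmp_t",
    ("httpd_t", "tmp_t", "dir"): "httpd_tmp_t",
}

# Access matrix: (process type, file type, class) -> permitted operations
ALLOW = {
    ("httpd_t", "httpd_tmp_t", "file"): {"create", "read", "write", "unlink"},
    ("httpd_t", "tmp_t", "dir"): {"search", "add_name", "remove_name"},
    ("user_t", "tmp_t", "file"): {"create", "read", "write"},
}


def parse_context(ctx):
    """Split 'user:role:type' into its three fields (MLS level omitted)."""
    user, role, type_ = ctx.split(":")
    return user, role, type_


def new_file_context(process_ctx, parent_ctx, tclass):
    """Compute the label for a newly created object of class tclass."""
    p_user, _p_role, p_type = parse_context(process_ctx)
    _d_user, _d_role, d_type = parse_context(parent_ctx)
    # A matching rule wins; otherwise the new object inherits the parent
    # directory's type. User comes from the creator, role is object_r.
    new_type = TYPE_TRANSITIONS.get((p_type, d_type, tclass), d_type)
    return f"{p_user}:object_r:{new_type}"


def allowed(process_ctx, file_ctx, tclass, perm):
    """Default deny: access is granted only if the matrix lists it."""
    p_type = parse_context(process_ctx)[2]
    f_type = parse_context(file_ctx)[2]
    return perm in ALLOW.get((p_type, f_type, tclass), set())
```

In this model a file created by `httpd_t` in a `tmp_t` directory is labeled `httpd_tmp_t`, so a `user_t` process that can write its own `tmp_t` files in the same directory gets no access to it.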