This should be of great assistance with two home projects currently and 1 work project due to the filesystem types. I am still working through size issues and further locking down the images. Project 1 = SE Linux image for Netgear MR314 Wireless Lan Router Project 2 = SE Linux image for Cisco 2501 Router Project 3 = Debian Sarge Server build on SGI Octane with reiserfs ( Work for Network Management Server ) Thanks, Jim McCullough On Tue, 31 Aug 2004 21:02:10 +0100, Luke Kenneth Casson Leighton <lkcl@xxxxxxxx> wrote: > On Tue, Aug 31, 2004 at 03:26:43PM -0400, Stephen Smalley wrote: > > On Tue, 2004-08-31 at 15:18, Luke Kenneth Casson Leighton wrote: > > > i think we need the input of more experienced people than us to > > > say why these associate things are needed. > > > > It provides control over the set of files that can live in a given > > filesystem, based on their security types (equivalence classes). As you > > are now creating device types in a different filesystem type, further > > allow rules are needed to allow that association. > > > > > a correct implementation of the > > > hacked-together-relaxed-fscontext-hooks.c-patch results in an atomic > > > operation (mount with a new context which would otherwise need to be > > > achieved with two commands: mount followed by restorecon) > > > > The more important issue is that fscontext= lets you set the superblock > > security context, not just the root directory context. restorecon can't > > do that. > > ah. > > thanks for clarifying, steven. > > l. > > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with > the words "unsubscribe selinux" without quotes as the message. > -- Jim McCullough
