On Mon, Mar 28, 2005 at 01:23:39PM -0500, Stephen Smalley wrote: > On Mon, 2005-03-28 at 19:27 +0100, Luke Kenneth Casson Leighton wrote: > > ... question: in what ways do you ensure that a security-aware > > compromised program is only allowed to create certain filetypes? > > In the same manner as with a security-unaware program; the domain must > be allowed create permission to the file type via an allow rule. ... there's nothing special needed? ... oh - yes, i get it. create filetype. nothing to do with file_type_auto_trans itself. l.
