On Tue, 04 Jan 2005 11:25:31 -0500, Stephen Smalley wrote:
> I'm not in favor of the daemon idea. "install" is akin to "rpm" in the
> sense of installing a file, so it may make sense to initialize its
> security context based on pathname at that time, because we have no real
> runtime knowledge of its security properties and have presumably checked
> its integrity in some manner prior to installation.

Alright. It seems to me then that files that are not copied in some SELinux-aware manner from an installer (i.e. new files created in /usr/lib or whatever) should just be subject to normal UNIX security and SELinux should not control them. Supporting SELinux would then become a feature of newer installers, but older software would not break.

I have a feeling you can't selectively opt files out of SELinux like that though.