On Sun, 6 Nov 2005, Gene Czarcinski wrote: > 2. As I see it, MCS is "simply" another type of ACL but one which (to me) is > a better design (more useable) than the existing ACL capability. However, > whereas I can categorize (protect) both files and directories with ACL, I can > currently only categorize (protect) files (not directories) with MCS. I > consider this to be a problem/deficiency. > > Consider that when I create new application files (e.g, with openoffice.org), > they will not have a category assigned by default. This could leave a > sensitive file available for others to access. With directory protection, > this could be mitigated. Yes, inheriting a directory's categories on file creation (only) is something we'll probably investigate soon. - James -- James Morris <jmorris@xxxxxxxxx> -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
