--- David Howells <dhowells@xxxxxxxxxx> wrote: > Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > > > With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE, > > do your business of setting the label correctly, and then drop > > the capability. No new hooks required. > > That sounds like a contradiction. How can you both leave it alone and set > it? Whoops, sorry. You leave the process label alone and explicitly set the file label using the xattr interfaces. Casey Schaufler casey@xxxxxxxxxxxxxxxx - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
