> But use of this filesystem is still valid when this filesystem is used with > policy based mandatory access control (such as SELinux, TOMOYO Linux) > because this filesystem guarantees where policy based mandatory access control > can't guarantee (i.e. filename and its attribute). > Policy based mandatory access control guarantees that "Only Bob can create block device file named sda1 in /dev directory". But it can't guarantee that /dev/sda1 will have block-8-1 attribute. If Bob is malicious and creates /dev/sda1 with block-8-2 attribute, other applications that depends on the attributes of /dev/sda1 goes wrong. So, this filesystem guarantees that /dev/sda1 has block-8-1 attribute. - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
