On Thu, 06 Dec 2007 15:29:07 GMT, Pavel Machek said: > > > Why not use SELinux? > > > > Because SELinux doesn't guarantee filename and its attribute. > > The purpose of this filesystem is to ensure filename and its attribute > > (e.g. /dev/null is guaranteed to be a character device file > > with major=1 and minor=3). > > Why not improve selinux to be able to assign label of new file based > on directory label and name? The problem isn't the label, it's the *other* attributes... What happens if /dev/null has the correct SELinux label, but the major/minor is 1,27 rather than 1,3?
Attachment:
pgpNhWixDNTvj.pgp
Description: PGP signature
