--- Valdis.Kletnieks@xxxxxx wrote: > On Thu, 06 Dec 2007 15:29:07 GMT, Pavel Machek said: > > > > > Why not use SELinux? > > > > > > Because SELinux doesn't guarantee filename and its attribute. > > > The purpose of this filesystem is to ensure filename and its attribute > > > (e.g. /dev/null is guaranteed to be a character device file > > > with major=1 and minor=3). > > > > Why not improve selinux to be able to assign label of new file based > > on directory label and name? > > The problem isn't the label, it's the *other* attributes... > > What happens if /dev/null has the correct SELinux label, but the major/minor > is 1,27 rather than 1,3? Isn't this the kind of thing that Bastille is good for? Casey Schaufler casey@xxxxxxxxxxxxxxxx - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
