Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > Almost want to be able to compute a transition label for the ecryptfs > inodes from the lower inode label so that it can be derived from but > potentially different from the lower inode label. That way policy could > maintain per-file distinctions within an ecryptfs mount and distinguish > between access to the encrypted vs plaintext representations. Yeah. What we want is something like: lower-inode-label + proposed-upper-label + subject-label -> inode-label By proposed-upper-label I mean the default label for a new inode at that the point in the directory tree at which the copy up will take place. David -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
