--- David Howells <dhowells@xxxxxxxxxx> wrote: ... > > How about I just stick the context in /etc/cachefilesd.conf as a textual > configuration item and have the daemon pass that as a string to the > cachefiles > kernel module, which can then ask LSM if it's valid to set this context as an > override, given the daemon's own security context? That seems entirely > reasonable to me. Works for Smack. I can't say definitively, but I think it will work for SELinux. Beyond that and we're into the fuzzy bit of the LSM. Casey Schaufler casey@xxxxxxxxxxxxxxxx -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
