I was looking in selinux_inode_setsecurity for my own neffarious purposes and was curious what prevents a program that has a file open from setting the context on the file using fsetxattr. I confess that I haven't tried it to see how it actually behaves. Casey Schaufler casey@xxxxxxxxxxxxxxxx -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
