--- Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > > On Fri, 2008-01-18 at 08:40 -0800, Casey Schaufler wrote: > > I was looking in selinux_inode_setsecurity for my own > > neffarious purposes and was curious what prevents a program > > that has a file open from setting the context on the file > > using fsetxattr. I confess that I haven't tried it to see > > how it actually behaves. > > Sorry, what's your question? Of course you can relabel a file via > fsetxattr (if you pass the permission check, which is a different hook > called earlier). In the case of fsetxattr, which hook would that be? Casey Schaufler casey@xxxxxxxxxxxxxxxx -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
