Stephen Smalley wrote:
>
> If I understand correctly, you want to provide separation on a per-user
> basis (not just per-role) for NFS-mounted home directories. I don't
> think that is realistically supportable by SELinux today, as 1) SELinux
> distinguishes based on security context/label, not uid, and 2) NFS
> doesn't support file labeling yet. Sounds more like a job for 'normal
> permissions' i.e. discretionary access modes and/or ACLs. There is
> ongoing work to support file labeling in NFSv4, but it is still in
> development, and even then, instantiating a separate role for every user
> is going to be problematic for any large number of users.
>

And would there be a way to do something so that each user has a different context? That is to say, I can assign a different context to each user and have something easily maintained. Do you see that as viable?

--
This message was distributed to subscribers of the selinux mailing list.