On Tue, 2008-05-27 at 21:12 +0200, Ioannis Aslanidis wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Understood. That changes a little the policy, but I could still create
> one mount point per user inside his own home.

I don't think so; you are limited to per-filesystem/superblock granularity at present, not per-mount. If you make multiple mounts from the same filesystem on the server, they'll be labeled identically. You'd need genuine labeled NFS support, which is yet to come (in progress).

> That still leaves me with
> the possibility of listing /home, which could be achieved by removing
> the read flag on the directory on normal permission mode and so on, so I
> guess SELinux wouldn't be needed in that case.
>
> Thanks for your help. If you have any comments or proposals I am open to
> them.

-- 
Stephen Smalley
National Security Agency