On Saturday 11 October 2008 15:15, Murray McAllister <mmcallis@xxxxxxxxxx> wrote:
> When files and directories are copied, the SELinux context of the new
> file or directory depends on the context of the creating process, and
> the context of the target, parent directory: the type is inherited from
> the target, parent directory (unless a type transition rule exists[1]);
> the SELinux user identity and level are inherited from the creating
> process; and the role is always object_r, which is a generic role for
> files. This helps ensure files and directories are labeled with the
> correct SELinux context after being copied.

I'm not sure how the last sentence is supposed to link with the rest - it
certainly doesn't correspond to the second-last sentence.

object_r is for future support and also to give a regular format of the
context for all operations. Note that files under /proc that relate to
processes have different roles.

> Also, when a file is copied over an existing file, the existing file's
> context is maintained, unless the user specified cp options to preserve
> the context of the original file, such as --preserve=context.

Also the -Z option to cp deserves a mention.

> #Is the following required, or is it covered by the above:
>
> On systems running the MLS policy, when files and directories are
> copied, they inherit the type from the parent directory they are being
> copied to, and the level from the process that copied them.

Probably.

--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
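As an added example (not part of the thread, and not coreutils or SELinux project code), the following POSIX shell script exercises the labeling rules in Murray's paragraph and the two cp options the reply mentions: a plain cp takes its type from the target directory and its user and level from the creating process, --preserve=context keeps the source's context, --context=CTX (the long form of the -Z CTX option) sets an explicit one, and copying over an existing file keeps that file's context. It assumes an SELinux-enabled host with GNU coreutils, a process permitted to relabel its own temporary files (for example an unconfined shell), and that the type etc_t exists in the loaded policy; the helper functions and the sample contexts are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: show which parts of the SELinux context
# a copied file inherits and how --preserve=context and --context change that.
# Assumptions: SELinux enabled, GNU coreutils, a process allowed to relabel its
# own temp files (e.g. unconfined_t), and the type etc_t in the loaded policy.
# Without SELinux the live demo is skipped; the helpers still work on strings.

# Return field N of a context "user:role:type:level" (1=user 2=role 3=type 4=level).
context_field() {
    case $2 in
        4) printf '%s\n' "$1" | cut -d: -f4- ;;   # MLS ranges contain ':' themselves
        *) printf '%s\n' "$1" | cut -d: -f"$2" ;;
    esac
}

# Context of a file as recorded in its security.selinux xattr.
file_context() {
    stat -c %C "$1"
}

# Decide where a copy's type came from: "dir" (target directory), "src"
# (source file), "ambiguous" (source and directory share a type) or "other".
# Arguments: source context, target directory context, copy context.
type_origin() {
    src_t=$(context_field "$1" 3)
    dir_t=$(context_field "$2" 3)
    dst_t=$(context_field "$3" 3)
    if [ "$src_t" = "$dir_t" ]; then echo ambiguous
    elif [ "$dst_t" = "$dir_t" ]; then echo dir
    elif [ "$dst_t" = "$src_t" ]; then echo src
    else echo other
    fi
}

# Print one copy: its context, where its type came from, and its user/role
# (compare user with the process context and role with object_r).
report() {
    ctx=$(file_context "$3")
    printf '%-10s %-45s type from %-9s user=%s role=%s\n' "$4" "$ctx" \
        "$(type_origin "$(file_context "$1")" "$(file_context "$2")" "$ctx")" \
        "$(context_field "$ctx" 1)" "$(context_field "$ctx" 2)"
}

demo_copy_labeling() {
    if ! command -v selinuxenabled >/dev/null 2>&1 || ! selinuxenabled; then
        echo "SELinux is not enabled here; skipping the live copy demo" >&2
        return 0
    fi
    work=$(mktemp -d) || return 1
    mkdir "$work/src" "$work/dst"
    printf 'hello\n' >"$work/src/file"
    # Give the source file a type that differs from the target directory so
    # inheritance is visible; chcon rewrites only this file's label.
    chcon -t etc_t "$work/src/file"
    echo "process context : $(id -Z)"
    echo "source file     : $(file_context "$work/src/file")"
    echo "target directory: $(file_context "$work/dst")"

    # 1. Plain cp: type from the target directory, user/level from the process.
    cp "$work/src/file" "$work/dst/plain"
    report "$work/src/file" "$work/dst" "$work/dst/plain" plain

    # 2. --preserve=context: the source file's whole context is kept.
    cp --preserve=context "$work/src/file" "$work/dst/preserved"
    report "$work/src/file" "$work/dst" "$work/dst/preserved" preserved

    # 3. --context=CTX, the long form of "-Z CTX" (in coreutils >= 8.22 a bare
    #    -Z instead applies the default type for the destination path).
    cp --context=system_u:object_r:etc_t:s0 "$work/src/file" "$work/dst/explicit"
    report "$work/src/file" "$work/dst" "$work/dst/explicit" explicit

    # 4. Copying over an existing file keeps that file's context.
    before=$(file_context "$work/dst/preserved")
    cp "$work/src/file" "$work/dst/preserved"
    after=$(file_context "$work/dst/preserved")
    if [ "$before" = "$after" ]; then
        echo "overwrite  existing context kept: $after"
    else
        echo "overwrite  context changed: $before -> $after"
    fi
    rm -rf "$work"
}

demo_copy_labeling
```

Run it as an ordinary user from an unconfined shell; a confined domain may be denied the chcon or the explicit --context, which is itself the policy working as intended. On a host without SELinux only the skip notice is printed.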