On Sunday 12 October 2008 10:44, Murray McAllister <mmcallis@xxxxxxxxxx> wrote:
> > object_r is for future support and also to give a regular format of the
> > context for all operations. Note that files under /proc that relate to
> > processes have different roles.
>
> I could only find the system_r and object_r roles in /proc/. Are there
> any others? /proc/pid/* seem to only use system_r (I did not check
> everything).

Run in a "strict" configuration and you will see staff_r, user_r, and sysadm_r; with MLS you will see secadm_r.

> How about:
>
> object_r is a generic role used for most files.

All filesystem objects on persistent storage or network filesystems.

> Under the /proc/
> directory, files relating to processes may use the system_r role.

Or the other four roles I listed, and maybe others with customised policy. Back in 2002 I had machines running with 16 roles and I had the policy working well for creating arbitrary roles with minimal effort.

--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development
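
One way to check which roles process contexts carry on a given system, following the point made in the message above (added example, not part of the original thread): it reads each process's `attr/current` file under /proc and tallies the role field. The function names and the sample contexts are constructed for illustration.

```shell
#!/bin/sh
# Added example. tally_roles ROOT prints "count role" for every process
# context found in ROOT/<pid>/attr/current (ROOT defaults to /proc).
tally_roles() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/attr/current; do
        # Processes can exit mid-scan and some entries are unreadable.
        [ -r "$f" ] || continue
        # The context may be NUL-terminated; strip that before parsing.
        ctx=$(tr -d '\000' 2>/dev/null < "$f") || continue
        # A context is user:role:type[:level]. The MLS level can contain
        # colons itself (s0-s15:c0.c1023), so only field 2 is taken.
        case $ctx in
            *:*:*) printf '%s\n' "$ctx" | cut -d: -f2 ;;
            *) ;;   # not a full SELinux context, e.g. SELinux disabled
        esac
    done | sort | uniq -c | awk '{print $1, $2}'
}

# Constructed sample tree standing in for /proc on a strict/MLS system.
# Prints the path of the temporary directory it creates.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    i=1
    for ctx in \
        'system_u:system_r:init_t:s0' \
        'system_u:system_r:sshd_t:s0-s15:c0.c1023' \
        'staff_u:staff_r:staff_t:s0' \
        'root:sysadm_r:sysadm_t:s0-s15:c0.c1023' \
        'root:secadm_r:secadm_t:s0'
    do
        mkdir -p "$d/$i/attr"
        printf '%s\0' "$ctx" > "$d/$i/attr/current"
        i=$((i + 1))
    done
    printf '%s\n' "$d"
}

# Usage: tally_roles                        (live system, reads /proc)
#        tally_roles "$(make_sample_proc)"  (constructed sample data)
```

On a targeted-policy system the live tally is expected to be dominated by `system_r`, which matches what the original poster observed.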