On Sun, 2008-10-12 at 09:44 +1000, Murray McAllister wrote:
> How about:
>
> object_r is a generic role used for most files. Under the /proc/
> directory, files relating to processes may use the system_r role.

/proc is a pseudo filesystem generated by the kernel and the security contexts of /proc/pid nodes are identical to the security context of the associated process. Thus, any process role can be found in /proc. But processes cannot create files there.

> Thanks again for your help.
>
> >
> >> Also, when a file is copied over an existing file, the existing file's
> >> context is maintained, unless the user specified cp options to preserve
> >> the context of the original file, such as --preserve=context.
> >
> > Also the -Z option to cp deserves a mention.
> >
> >> #Is the following required, or is it covered by the above:
> >>
> >> On systems running the MLS policy, when files and directories are
> >> copied, they inherit the type from the parent directory they are being
> >> copied to, and the level from the process that copied them.
> >
> > Probably.
> >
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.

--
Stephen Smalley
National Security Agency
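The point above about /proc/pid labels, as an added example that is not part of the original message: a shell sketch that picks out entries whose role is not object_r and, on an SELinux-enabled host, compares the label on /proc/<pid> with the context of the process itself. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. An SELinux context has the form user:role:type[:level].

# Print the role field of a context string.
ctx_role() {
    printf '%s\n' "$1" | cut -d: -f2
}

# Read "context path" lines on stdin; print paths whose role is not object_r.
non_object_r() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        [ "$(ctx_role "$ctx")" = "object_r" ] || printf '%s\n' "$path"
    done
}

# Constructed sample in "context path" form (not captured from a real system).
sample_listing() {
    cat <<'EOF'
system_u:object_r:etc_t:s0 /etc/hosts
system_u:system_r:init_t:s0 /proc/1
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 /proc/4242
system_u:object_r:proc_t:s0 /proc/cpuinfo
EOF
}

# Live check: is the label on /proc/<pid> the same as the process context?
# Returns 0 on match, 1 on mismatch, 2 if either value cannot be read.
proc_label_matches() {
    pid=$1
    proc_ctx=$(tr -d '\000' < "/proc/$pid/attr/current") || return 2
    node_ctx=$(stat -c %C "/proc/$pid") || return 2
    [ "$proc_ctx" = "$node_ctx" ]
}

# Only run the live comparison where SELinux is actually enabled.
if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
    if proc_label_matches "$$"; then
        echo "/proc/$$ label matches the process context"
    else
        echo "/proc/$$ label differs from the process context"
    fi
fi
```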