On Fri, 2008-10-17 at 11:55 -0400, Sanjai Narain wrote: > Hello: I am just getting started with SELinux, and would very much > appreciate an answer to the following question: > > Suppose there is a directory ftp_dir. If one wants to allow ftp of one's > file to the outside world, one places it in ftp_dir. Suppose there is > also a directory private_dir. One wants to prevent copying of any file > in that directory into ftp_dir. In particular, one wants to say "do not > allow cp from private_dir to ftp_dir". How would one go about expressing > this in SELinux? By labeling the two directories with two different types, and defining the roles/domains such that no domain can both read from private_dir and write to ftp_dir. If you want to be strict about it, you'd further have to ensure that there is no path by which information from private_dir can eventually flow to ftp_dir, e.g. by copying it first into some shared directory and then from there to ftp_dir. apol will show information flow paths among types. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
