Hi Steve: Thanks very much! Best regards. -- Sanjai
Stephen Smalley wrote:
On Fri, 2008-10-17 at 11:55 -0400, Sanjai Narain wrote:
Hello: I am just getting started with SELinux, and would very much
appreciate an answer to the following question:
Suppose there is a directory ftp_dir. If one wants to allow ftp of one's
file to the outside world, one places it in ftp_dir. Suppose there is
also a directory private_dir. One wants to prevent copying of any file
in that directory into ftp_dir. In particular, one wants to say "do not
allow cp from private_dir to ftp_dir". How would one go about expressing
this in SELinux?
By labeling the two directories with two different types, and defining
the roles/domains such that no domain can both read from private_dir and
write to ftp_dir. If you want to be strict about it, you'd further have
to ensure that there is no path by which information from private_dir
can eventually flow to ftp_dir, e.g. by copying it first into some
shared directory and then from there to ftp_dir. apol will show
information flow paths among types.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
