Hello,

I have implemented a simple MCS-based system for hosting SVN repositories. I was happy with the performance until I found out that the s0-s0:c1 processes will happily create new revisions (i.e. new files) as s0 inside an s0:c1 directory. According to various sources, new files are always created using the lowest security level in the range of the creating process, despite an inheritance mechanism already working for types. What is the reasoning behind this?

I tried to mitigate this by forcing an ssh session into a certain MCS range, as in ssh user/foo_r:foo_t:s0:c1, however this only works for changing roles but not for MCS. Not even setting the MCS level in default_contexts works as one would expect. Again, why?

Running out of ideas, my solution for now is to hope that an s0 process cannot search / modify the s0:c1 directory, even with s0 files present, and to periodically "restorecon" the whole dir (no, restorecond does not seem to be working on dirs recursively). So the third question is, are there any better ways?

Regards,
Michal Svoboda
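An added example, not part of the original message: a Python check for the condition the message describes, a file labelled with fewer MCS categories than the directory that contains it. The paths, the `svn_repo_t` type name and the labels in `SAMPLE` are constructed; on a live system the context strings would come from `ls -Z` or the `security.selinux` extended attribute.

```python
import posixpath

def parse_low_level(context):
    """Return (sensitivity, categories) of the low level in an SELinux context."""
    fields = context.split(":", 3)            # user:role:type:level
    if len(fields) != 4:
        raise ValueError("no MLS/MCS level in context: %r" % context)
    low = fields[3].split("-", 1)[0]          # "s0-s0:c1" -> "s0"
    sens, _, cats = low.partition(":")
    expanded = set()
    for item in filter(None, cats.split(",")):
        first, _, last = item.partition(".")  # "c0.c3" is the range c0..c3
        start = int(first[1:])
        end = int(last[1:]) if last else start
        expanded.update(range(start, end + 1))
    return sens, frozenset(expanded)

def find_underlabeled(entries):
    """List (path, missing_categories) for entries lacking a parent's category."""
    levels = {path: parse_low_level(ctx) for path, ctx in entries}
    findings = []
    for path, (_, cats) in sorted(levels.items()):
        parent = posixpath.dirname(path)
        if parent != path and parent in levels:
            missing = levels[parent][1] - cats
            if missing:
                findings.append((path, sorted(missing)))
    return findings

# Constructed sample: one repository directory tree labelled s0:c1, with a
# newly written revision file that ended up at plain s0.
SAMPLE = [
    ("/srv/svn/foo", "system_u:object_r:svn_repo_t:s0:c1"),
    ("/srv/svn/foo/db", "system_u:object_r:svn_repo_t:s0:c1"),
    ("/srv/svn/foo/db/revs", "system_u:object_r:svn_repo_t:s0:c1"),
    ("/srv/svn/foo/db/revs/41", "system_u:object_r:svn_repo_t:s0:c1"),
    ("/srv/svn/foo/db/revs/42", "system_u:object_r:svn_repo_t:s0"),
]

if __name__ == "__main__":
    for path, missing in find_underlabeled(SAMPLE):
        cats = ",".join("c%d" % c for c in missing)
        print("%s is missing %s from its parent directory" % (path, cats))
```

Running such a check before each periodic relabel shows how many files were written at the lower level since the last pass.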