Stephen Smalley wrote:
> On file creation, there is an associate check between the security
> context of the file and the security context of the containing
> filesystem.

OK, I think I now understand this permission. But it seems that in a normal (reference) policy all files are permitted on all filesystems. Are there cases when they're not?

And secondly, it seems that every file type has an associate permission on itself, i.e.

    allow etc_runtime_t etc_runtime_t : filesystem associate ;

Why is this so?

Regards,
Michal Svoboda