On Mon, Jan 31, 2011 at 6:59 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > /proc/sys inode labeling was disabled earlier (hence marked S_PRIVATE) > when /proc/sys was reimplemented by Eric, so all access control > on /proc/sys was switched to using the sysctl hook rather than the > inode-based checking. ÂThat's why you don't get a result from ls -Z > on /proc/sys on current kernels. ÂGetting actual labeling working again > for those inodes would be a win, so your patch is an improvement in that > regard for selinux. Oh, OK. Thanks for letting me know. Do you see anything else that is wrong with these patches (apart from "//deleted")? -- Â. ..: Lucian -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.