On Mon, 2011-01-31 at 19:03 +0200, Lucian Adrian Grijincu wrote:
> On Mon, Jan 31, 2011 at 6:59 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> > /proc/sys inode labeling was disabled earlier (hence marked S_PRIVATE)
> > when /proc/sys was reimplemented by Eric, so all access control
> > on /proc/sys was switched to using the sysctl hook rather than the
> > inode-based checking. That's why you don't get a result from ls -Z
> > on /proc/sys on current kernels. Getting actual labeling working again
> > for those inodes would be a win, so your patch is an improvement in that
> > regard for selinux.
>
> Oh, OK. Thanks for letting me know.
>
> Do you see anything else that is wrong with these patches (apart from
> "//deleted")?

No, although I think someone should take them for a spin on a modern
Fedora in enforcing mode for a bit, and likely run the selinux testsuite
too.

--
Stephen Smalley
National Security Agency