On Thu, 2011-09-22 at 15:53 -0400, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Currently if I create a directory labeled > > etc_t:s0:c1 > > And with a process running as unconfined_t:s0-s0:c0.c1023 create a > file within the directory, the file gets created with the label > etc_t:s0. I would like to change the behavior to creating the file > as etc_t:s0:c1. > > That way an administrator could modify files within a sandbox and have > the files be labeled correctly. > > I believe this behavior differs from MLS but believe this would be > what the admin expects. > > Is changing this a kernel or policy issue? That would be a kernel change, and it would have to be configurable so that it can differ for MLS vs MCS. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
