-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We would like to change sid file_labels gen_context(system_u:object_r:unlabeled_t,s0) to something like sid file_labels gen_context(system_u:object_r:invalid_label_t,s0) Since explaining to someone that a file without a label is file_t, but if it has a label that the kernel does not understand it is labeled as unlabeled_t. A file with a label is unlabeled_t???? While a file without a label is file_t. # # unlabeled_t is the type of unlabeled objects. # Objects that have no known labeling information or that # have labels that are no longer valid are treated as having this type. # # # file_t is the default type of a file that has not yet been # assigned an extended attribute (EA) value (when using a filesystem # that supports EAs). # These two type definitions seem to conflict, with file_t winning at least on systems that support XAttrs. I would guess a better fix would be to change the kernel to handle the case where an object is unlabeled_t one way and if it is labeled and the kernel does not understand the label differently. sid invalid_file_labels gen_context(system_u:object_r:invalid_label_t,s0) Opinions.... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlLPGlMACgkQrlYvE4MpobOrDwCgwSduQpyqjGFni/0dksiv0I2j uEAAn181YTHYYRj0XSern/+CPtuUp7Vu =3HJ3 -----END PGP SIGNATURE----- _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
