+1

On Thu, Jan 9, 2014 at 3:53 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> We would like to change
>
> sid file_labels gen_context(system_u:object_r:unlabeled_t,s0)
>
> to something like
>
> sid file_labels gen_context(system_u:object_r:invalid_label_t,s0)
>
> Since explaining to someone that a file without a label is file_t, but if it
> has a label that the kernel does not understand it is labeled as unlabeled_t.
> A file with a label is unlabeled_t???? While a file without a label is file_t.
>
> #
> # unlabeled_t is the type of unlabeled objects.
> # Objects that have no known labeling information or that
> # have labels that are no longer valid are treated as having this type.
> #
>
> #
> # file_t is the default type of a file that has not yet been
> # assigned an extended attribute (EA) value (when using a filesystem
> # that supports EAs).
> #
>
> These two type definitions seem to conflict, with file_t winning at least on
> systems that support XAttrs.
>
> I would guess a better fix would be to change the kernel to handle the case
> where an object is unlabeled_t one way and if it is labeled and the kernel
> does not understand the label differently.
>
> sid invalid_file_labels gen_context(system_u:object_r:invalid_label_t,s0)
>
> Opinions....

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.