On 05/23/2014 09:42 AM, Stephen Smalley wrote:
> On 05/22/2014 03:32 AM, Dominick Grift wrote:
>> On Thu, 2014-05-22 at 12:25 +0530, dE wrote:
>>> On 05/20/14 19:12, Christopher J. PeBenito wrote:
>>>> The kernel will create files with object_r regardless
>>>
>>> Is this defined in the policy or is hard coded in the kernel?
>>
>> Hard coded into the kernel
>
> Unless the policy specifies to default from source or target for the
> file class...

So if I explicitly put default_role from target it will start inheriting the directory's role? If so, did that change also fix role_transition to work on file creation? i.e. can I write a rule like:

role_transition user_r tmp_t:file user_r;

So I can get the default_role from source-like behavior on certain types (I'd like to bring back role separations in refpolicy)?

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com