On 05/26/2014 02:18 AM, dE wrote: > The obvious point of a type value for a certain FS is to restrict programs from doing things which are not allowed on that FS. > > iso9660/UDF etc... is a RO FS. So writing on it should not be allowed. But I can write to files having this security context. > > So what's the utility of, atleast iso9660_t? Questions about Reference Policy should be asked on its list. The purpose of iso9660_t is to provide a separate type for that media, not to reinforce the fact that the disks are read-only by policy. By being a file type, certain domains can write to it since they can write to all file types. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
