Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > Almost want to be able to compute a transition label for the ecryptfs > inodes from the lower inode label so that it can be derived from but > potentially different from the lower inode label. That way policy could > maintain per-file distinctions within an ecryptfs mount and distinguish > between access to the encrypted vs plaintext representations. Yeah. What we want is something like: lower-inode-label + proposed-upper-label + subject-label -> inode-label By proposed-upper-label I mean the default label for a new inode at that the point in the directory tree at which the copy up will take place. David _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
