On 10/24/2016 03:25 PM, David Graziano wrote: > I am attempting to write policy for a set of applications which use > POSIX mqueues using named type_transistion rules to uniquely label the > mqueue files in the /dev/mqueue directory then controlling access > based on the types. Standard type transition rules seem to work but I > cannot seem to get the named type transitions to apply the proper > label. Are named type transitions not supported by the mqueue file > system? I’m on a 3.14 series kernel with policy version 28 if that > helps. I’d like to avoid needing to do a restorecon after a new queue > is created. Named type transistions seem to work on other file systems > like tmp and jffs2. You would need to patch the kernel to support that; the filesystem implementation must call security_inode_init_security() and pass the &dentry->d_name in order to support name-based transitions. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
