> -----Original Message----- > From: Selinux [mailto:selinux-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen > Smalley > Sent: Tuesday, October 25, 2016 9:33 AM > To: David Graziano <david.graziano@xxxxxxxxxxxxxxxxxxx>; > selinux@xxxxxxxxxxxxx > Subject: Re: POSIX mqueues > > On 10/24/2016 03:25 PM, David Graziano wrote: > > I am attempting to write policy for a set of applications which use > > POSIX mqueues using named type_transistion rules to uniquely label the > > mqueue files in the /dev/mqueue directory then controlling access > > based on the types. Standard type transition rules seem to work but I > > cannot seem to get the named type transitions to apply the proper > > label. Are named type transitions not supported by the mqueue file > > system? I’m on a 3.14 series kernel with policy version 28 if that > > helps. I’d like to avoid needing to do a restorecon after a new queue > > is created. Named type transistions seem to work on other file systems > > like tmp and jffs2. > > You would need to patch the kernel to support that; the filesystem > implementation must call security_inode_init_security() and pass the &dentry- > >d_name in order to support name-based transitions. > Interesting, is anyone currently working on that, David, are you going to do that? If no one Wants it, I'll do it ;-P > > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
