On Fri, 15 Jun 2007, Seth Arnold wrote: > > How does inotify not work here? You are notified that the tree is > > moved, your daemon goes through and relabels things as needed. In the > > meantime, before the re-label happens, you might have the wrong label on > > things, but "somehow" SELinux already handles this, so I think you > > should be fine. > > SELinux does not relabel files when containing directories move, so it > is not a problem they've chosen to face. It's a deliberate design choice, and follows traditional Unix security logic. DAC permissions don't change on every file in the subtree when you mv directories, either. - James -- James Morris <[email protected]> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- References:
- [AppArmor 00/45] AppArmor security module overview
- From: [email protected]
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Andreas Gruenbacher <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Crispin Cowan <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Pavel Machek <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Crispin Cowan <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Greg KH <[email protected]>
- Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- From: Seth Arnold <[email protected]>
- [AppArmor 00/45] AppArmor security module overview
- Prev by Date: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
- Next by Date: Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
- Previous by thread: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- Next by thread: Re: [AppArmor 39/45] AppArmor: Profile loading and manipulation, pathname matching
- Index(es):