On Thu, 06 Dec 2007 15:29:07 GMT, Pavel Machek said: > > > Why not use SELinux? > > > > Because SELinux doesn't guarantee filename and its attribute. > > The purpose of this filesystem is to ensure filename and its attribute > > (e.g. /dev/null is guaranteed to be a character device file > > with major=1 and minor=3). > > Why not improve selinux to be able to assign label of new file based > on directory label and name? The problem isn't the label, it's the *other* attributes... What happens if /dev/null has the correct SELinux label, but the major/minor is 1,27 rather than 1,3?
Attachment:
pgp1cZePZMfmm.pgp
Description: PGP signature
- Follow-Ups:
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: Casey Schaufler <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- References:
- [patch 0/2] [RFC] Simple tamper-proof device filesystem.
- From: Tetsuo Handa <[email protected]>
- [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: Tetsuo Handa <[email protected]>
- Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- From: Pavel Machek <[email protected]>
- [patch 0/2] [RFC] Simple tamper-proof device filesystem.
- Prev by Date: [PATCH] ecryptfs: fix string overflow on long cipher names
- Next by Date: Re: [PATCH 1/7] Copy mpc-i2c to preserve support for ARCH=ppc and allow changes on ARCH=powerpc
- Previous by thread: Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- Next by thread: Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.
- Index(es):
 |