Re: extended attributes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: extended attributes
From: Stephen Smalley <sds@xxxxxxxxxxxxx>
Date: Thu, 04 May 2006 14:39:34 -0400
Cc:
In-reply-to: <4459E7F6.6070704@xxxxxxxxxxxx>
Organization: National Security Agency
References: <4459D609.9090804@xxxxxxxxxxxx> <1146741908.2631.13.camel@vulcan> <4459E7F6.6070704@xxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

On Thu, 2006-05-04 at 21:39 +1000, Russell Strong wrote:
> I don't know much about selinux, but doesn't that also use extended 
> attributes.  I've tried writing a file with a unique selinux label, 
> verified using stat that the inode number changed, however it kept it's 
> selinux extended attributes.  Am I wrong about selinux?

vim has been patched in Fedora to preserve the SELinux attribute;
otherwise, it wouldn't happen (unless it just happened to be preserved
as a result of default directory inheritance or type transition defined
in the policy, but that isn't sufficient for all the files you might
happen to edit).  Upstream vim also includes awareness of POSIX ACLS, I
think.   But not for arbitrary EAs.

-- 
Stephen Smalley
National Security Agency

References:
- extended attributes
  - From: Russell Strong
- Re: extended attributes
  - From: Aaron Konstam
- Re: extended attributes
  - From: Russell Strong

Prev by Date: Re: kernel ...2107_FC5 problems
Next by Date: FC5: Disabling screen blanker?
Previous by thread: Re: extended attributes
Next by thread: Re: extended attributes
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux