On Thu, 2006-05-04 at 21:39 +1000, Russell Strong wrote:
> I don't know much about selinux, but doesn't that also use extended
> attributes. I've tried writing a file with a unique selinux label,
> verified using stat that the inode number changed, however it kept its
> selinux extended attributes. Am I wrong about selinux?

vim has been patched in Fedora to preserve the SELinux attribute;
otherwise, it wouldn't happen (unless it just happened to be preserved
as a result of default directory inheritance or type transition defined
in the policy, but that isn't sufficient for all the files you might
happen to edit). Upstream vim also includes awareness of POSIX ACLs, I
think. But not for arbitrary EAs.

-- 
Stephen Smalley
National Security Agency
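
The behaviour discussed in this message, as an added example (not part of the original thread, and not vim's code or the Fedora patch): a save that writes a new file and renames it over the old one produces a new inode, so extended attributes survive only if they are copied explicitly. The function name `save_preserving_xattrs` and its return format are assumptions made for illustration; it relies on Python's Linux-only `os.listxattr`, `os.getxattr` and `os.setxattr`.

```python
import os
import tempfile


def save_preserving_xattrs(path, data):
    """Replace `path` with `data` via write-to-temp + rename, copying EAs first.

    Returns the old and new inode numbers plus the attribute names that
    were copied and those that could not be copied.
    """
    old = os.stat(path)
    # Temp file must live in the same directory so the rename stays atomic.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    copied, failed = [], []
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp, old.st_mode & 0o7777)   # mkstemp creates the file 0600
        try:
            names = os.listxattr(path)
        except OSError:                        # filesystem without EA support
            names = []
        for name in names:
            try:
                os.setxattr(tmp, name, os.getxattr(path, name))
                copied.append(name)
            except OSError:
                # Some namespaces (security.*, trusted.*) need privilege or
                # policy permission; report them instead of dropping silently.
                failed.append(name)
        os.replace(tmp, path)                  # path now names the new inode
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return {"old_inode": old.st_ino, "new_inode": os.stat(path).st_ino,
            "copied": copied, "failed": failed}
```

Any name returned in `failed` is an attribute the replacement file does not carry over from the original, which is the case to check for when a label or ACL matters.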