Security Enhanced Linux
SELinux Mailing List
subject: Restrict File creation types
Date: 10 Jun 2004 12:26:12 -0500
File_type_1a_t File_type_1b_t File_type_2a_t File_type_2b_t
I want all files in Dir_Type1_t to be of types File_type_1a_t or
File_type_1b_t no matter the domain of the creating process
and all files in Dir_Type2_t to be of types File_type_2a_t or
File_type_2b_t.
I've tried looking through the logs with auditallow on for all the Dir and File types, but didn't see anything where both types were listed in the same allow statement. Is this even possible?

Kenny

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

From: Stephen Smalley <sds_at_epoch.ncsc.mil>
subject: Re: Restrict File creation types
Date: Thu, 10 Jun 2004 15:08:47 -0400
There isn't a particular permission that enforces an association between
the parent directory type and the new file type. You can do things
like:
It wouldn't be difficult to add a new permission check between the parent directory type and the new file type on file creation, but you would also need to ensure that the property is preserved for hard links, and possibly for bind mounts. There is a permission check performed between the new file type and the filesystem type.

--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
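
Because no single permission ties the directory type to the new file type, the association asked about in this thread has to be checked domain by domain. The following is an added example, not part of the original thread: a small audit over a constructed set of allow rules that lists every domain able to add a name to a directory type while also holding create on a file type not wanted there. The domain names and sample rules are hypothetical, and the parser handles only plain `allow ... { ... };` rules (no attributes, macros, hard links or bind mounts).

```python
import re
from collections import defaultdict

# Constructed sample policy (not from the thread); domain names are hypothetical.
POLICY = """
allow editor_t Dir_Type1_t:dir { search write add_name };
allow editor_t File_type_1a_t:file { create write };
allow backup_t Dir_Type1_t:dir { search write add_name };
allow backup_t Dir_Type2_t:dir { search write add_name };
allow backup_t File_type_2a_t:file { create write };
allow logger_t Dir_Type2_t:dir { search };
allow logger_t File_type_1b_t:file { create };
"""

# The association the original poster wants to hold for every domain.
WANTED = {
    "Dir_Type1_t": {"File_type_1a_t", "File_type_1b_t"},
    "Dir_Type2_t": {"File_type_2a_t", "File_type_2b_t"},
}

RULE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")

def parse(policy):
    """Return {(source, target, class): set(perms)} for simple allow rules."""
    av = defaultdict(set)
    for src, tgt, cls, perms in RULE.findall(policy):
        av[(src, tgt, cls)].update(perms.split())
    return av

def violations(policy, wanted):
    """List (domain, dir_type, file_type) where a domain may add a name to a
    directory type and may also create a file type not wanted in it."""
    av = parse(policy)
    creatable = defaultdict(set)  # domain -> file types it may create
    for (src, tgt, cls), perms in av.items():
        if cls == "file" and "create" in perms:
            creatable[src].add(tgt)
    found = []
    for (src, tgt, cls), perms in av.items():
        if cls == "dir" and "add_name" in perms and tgt in wanted:
            for ftype in sorted(creatable[src] - wanted[tgt]):
                found.append((src, tgt, ftype))
    return sorted(found)

if __name__ == "__main__":
    for domain, dtype, ftype in violations(POLICY, WANTED):
        print(f"{domain} can add names to {dtype} and create {ftype}")
```

The result is an upper bound: whether a flagged domain actually produces the unwanted type also depends on its type_transition rules or on the process setting its file creation context explicitly.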
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |