[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Naming convention flames

From: Stephen Smalley <sds epoch ncsc mil>
To: "Fedora SELinux support list for users & developers." <fedora-selinux-list redhat com>
Subject: Re: Naming convention flames
Date: Fri, 02 Apr 2004 15:44:19 -0500

On Fri, 2004-04-02 at 15:14, Dax Kelson wrote:
> So how do the SELinux file contexts interact? 

The policy specifies rules for labeling new files based on:
- the context of the creating process,
- the context of the parent directory,
- the kind of file (e.g. regular, directory, symlink, device,...).

By default (in the absence of any matching rule in the policy), there is
a standard manner in which the context is computed from the creating
process context and parent directory context.

The allowed accesses between a given process context and a given file
context are explicitly defined via an access matrix, specified via the
policy.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency

References:
- Re: Naming convention flames
  - From: James Morris
- Re: Naming convention flames
  - From: Dax Kelson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]