[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

[Linux-cachefs] Re: [PATCH 00/16] Permit filesystem local caching [try #3]

From: Casey Schaufler <casey schaufler-ca com>
To: David Howells <dhowells redhat com>, casey schaufler-ca com
Cc: akpm osdl org, LSM List <linux-security-module vger kernel org>, linux-kernel vger kernel org, nfsv4 linux-nfs org, trond myklebust fys uio no, torvalds osdl org, linux-cachefs redhat com, selinux tycho nsa gov, linux-fsdevel vger kernel org, Stephen Smalley <sds tycho nsa gov>
Subject: [Linux-cachefs] Re: [PATCH 00/16] Permit filesystem local caching [try #3]
Date: Tue, 14 Aug 2007 08:53:39 -0700 (PDT)

--- David Howells <dhowells redhat com> wrote:

> Casey Schaufler <casey schaufler-ca com> wrote:
> 
> > With Smack you can leave the label alone, raise CAP_MAC_OVERRIDE,
> > do your business of setting the label correctly, and then drop
> > the capability. No new hooks required.
> 
> That sounds like a contradiction.  How can you both leave it alone and set
> it?

Whoops, sorry. You leave the process label alone and explicitly
set the file label using the xattr interfaces.


Casey Schaufler
casey schaufler-ca com

Follow-Ups:
- [Linux-cachefs] Re: [PATCH 00/16] Permit filesystem local caching [try #3]
  - From: Stephen Smalley
- [Linux-cachefs] Re: [PATCH 00/16] Permit filesystem local caching [try #3]
  - From: David Howells

References:
- [Linux-cachefs] Re: [PATCH 00/16] Permit filesystem local caching [try #3]
  - From: David Howells

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]