On Thu January 24 2008, Stephen Smalley wrote:
> I think it would be a property of the chroot'd process and its
> descendants, not of the directory, as processes operating non-chroot'd
> may still access the contents of that directory and should still be
> handled by the host policy. So a per-task policy attribute that would

Yes, I did not think about this direction.

> usually always refer to the host/global policy, but could be unshared
> and then have a private policy loaded for it and its descendants.
>
> The main problem is detecting and handling accesses that cross the
> policy boundary (non-chroot'd process attempts to access file within the
> directory, chroot'd process manages to break out of the chroot and
> attempts to access file outside of chroot).

When there were different "namespaces" for the inner and outer selinux, then the outer selinux could handle the access through the chroot boundary using the normal host namespace and the inner selinux would only handle the access within the chroot, using its own namespace.

Regards,
Till