
Re: selinux breaks revisor



On Thu January 24 2008, Stephen Smalley wrote:

> I think it would be a property of the chroot'd process and its
> descendants, not of the directory, as processes operating non-chroot'd
> may still access the contents of that directory and should still be
> handled by the host policy.  So a per-task policy attribute that would

Yes, I did not think about this direction.

> usually always refer to the host/global policy, but could be unshared
> and then have a private policy loaded for it and its descendants.
>
> The main problem is detecting and handling accesses that cross the
> policy boundary (non-chroot'd process attempts to access file within the
> directory, chroot'd process manages to break out of the chroot and
> attempts to access file outside of chroot).

When there were different "namespaces" for the inner and outer selinux, then
the outer selinux could handle the access through the chroot boundary using the
normal host namespace and the inner selinux would only handle the access
within the chroot, using its own namespace.

Regards,
Till

Attachment: signature.asc
Description: This is a digitally signed message part.
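As an added illustration of the two-namespace idea discussed above (not code from the thread, from SELinux, or from revisor), the following Python toy model gives each task a policy-namespace attribute that children inherit and that a chroot'd task can unshare. Accesses that stay inside the chroot subtree are decided by the inner policy; any access that crosses the chroot boundary in either direction (a host process touching files under the chroot, or a chroot'd process that has escaped its root) is routed to the host policy. All labels, paths and policy rules are constructed for the example.

```python
import posixpath
from dataclasses import dataclass
from typing import Callable, Dict, Tuple

# A policy is a function (subject label, path, permission) -> allowed.
Policy = Callable[[str, str, str], bool]


@dataclass
class PolicyNamespace:
    name: str
    root: str       # directory subtree this namespace governs ("/" for the host)
    policy: Policy


@dataclass
class Task:
    label: str
    ns: PolicyNamespace   # the per-task policy attribute from the thread

    def fork(self) -> "Task":
        # Children inherit the parent's policy namespace.
        return Task(self.label, self.ns)

    def unshare_policy(self, ns: PolicyNamespace) -> "Task":
        # Give this task (and its future descendants) a private policy namespace.
        return Task(self.label, ns)


def path_inside(root: str, path: str) -> bool:
    """True if the normalised path lies within the subtree rooted at root."""
    root = posixpath.normpath(root)
    path = posixpath.normpath(path)   # collapses ".." so an escape is visible
    return root == "/" or path == root or path.startswith(root + "/")


def decide(host: PolicyNamespace, task: Task, path: str, perm: str) -> Tuple[str, bool]:
    """Return (name of the namespace that decided, allowed)."""
    if task.ns is host or not path_inside(task.ns.root, path):
        # Either a non-chroot'd task (host policy governs everything it touches,
        # including files under someone else's chroot), or a chroot'd task whose
        # access falls outside its subtree: a boundary crossing the host must judge.
        return host.name, host.policy(task.label, path, perm)
    return task.ns.name, task.ns.policy(task.label, path, perm)


# --- constructed policies and labels (hypothetical, not real SELinux types) ---
HOST_LABELS = {"host_t"}


def host_policy(label: str, path: str, perm: str) -> bool:
    # The host policy knows only host labels; a subject labelled inside a private
    # namespace has no rules here, so a break-out is denied by default.
    return label in HOST_LABELS


CHROOT = "/srv/build"


def chroot_policy(label: str, path: str, perm: str) -> bool:
    # Inner policy: builder_t may read/exec anything in the chroot except the key.
    if label != "builder_t":
        return False
    if path == CHROOT + "/keys/signing.key":
        return False
    return perm in ("read", "exec")


HOST = PolicyNamespace("host", "/", host_policy)
INNER = PolicyNamespace("build-chroot", CHROOT, chroot_policy)


def demo() -> Dict[str, Tuple[str, bool]]:
    admin = Task("host_t", HOST)
    builder = Task("builder_t", HOST).unshare_policy(INNER)
    child = builder.fork()   # descendant keeps the private namespace
    return {
        "host_reads_chroot_file": decide(HOST, admin, CHROOT + "/etc/passwd", "read"),
        "builder_execs_own_file": decide(HOST, child, CHROOT + "/usr/bin/gcc", "exec"),
        "builder_reads_key": decide(HOST, child, CHROOT + "/keys/signing.key", "read"),
        "builder_escapes": decide(HOST, child, CHROOT + "/../../etc/shadow", "read"),
    }


if __name__ == "__main__":
    for case, (ns, allowed) in demo().items():
        print(f"{case:24s} decided by {ns:13s} -> {'allow' if allowed else 'deny'}")
```

The escape case is the one the thread worries about: the path is normalised before the subtree check, so `..` components cannot hide that the access left the chroot, and because the escaped subject carries a label the host policy has no rules for, the default answer is deny rather than a fall-through to the inner policy.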

