[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: extended attributes



On Thu, 2006-05-04 at 21:39 +1000, Russell Strong wrote:
> I don't know much about selinux, but doesn't that also use extended 
> attributes.  I've tried writing a file with a unique selinux label, 
> verified using stat that the inode number changed, however it kept it's 
> selinux extended attributes.  Am I wrong about selinux?

vim has been patched in Fedora to preserve the SELinux attribute;
otherwise, it wouldn't happen (unless it just happened to be preserved
as a result of default directory inheritance or type transition defined
in the policy, but that isn't sufficient for all the files you might
happen to edit).  Upstream vim also includes awareness of POSIX ACLS, I
think.   But not for arbitrary EAs.

-- 
Stephen Smalley
National Security Agency


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]