Re: [patch 1/1] selinux: Disable automatic labeling of new inodeswhen no policy is loaded

From: James Morris
Date: Wed Feb 22 2006 - 15:53:02 EST

Next message: Randy.Dunlap: "Re: [PATCH/RFC] arch/x86_common: more formal reuse of i386+x86_64source code"
Previous message: Stephen Smalley: "Re: [patch 1/1] selinux: Disable automatic labeling of new inodeswhen no policy is loaded"
In reply to: Stephen Smalley: "Re: [patch 1/1] selinux: Disable automatic labeling of new inodeswhen no policy is loaded"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 22 Feb 2006, Andrew Morton wrote:

> Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> >
> > This patch disables the automatic labeling of new inodes on disk
> > when no policy is loaded. Please apply.
>
> What is the reason for this change, and what will its effects be?

Discussion is here:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=180296

In short, we're changing the behavior so that when no policy is loaded,
SELinux does not label files at all. Currently it does add an 'unlabeled'
label in this case, which we've found causes problems later.

SELinux always maintains a safe internal label if there is none, so with
this patch, we just stick with that and wait until a policy is loaded
before adding a persistent label on disk.

- James
--
James Morris
<jmorris@xxxxxxxxx>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Randy.Dunlap: "Re: [PATCH/RFC] arch/x86_common: more formal reuse of i386+x86_64source code"
Previous message: Stephen Smalley: "Re: [patch 1/1] selinux: Disable automatic labeling of new inodeswhen no policy is loaded"
In reply to: Stephen Smalley: "Re: [patch 1/1] selinux: Disable automatic labeling of new inodeswhen no policy is loaded"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]