Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.

From: Valdis . Kletnieks
Date: Tue Dec 18 2007 - 10:55:39 EST

Next message: Kumar Gala: "Re: [PATCH 1/7] Copy mpc-i2c to preserve support for ARCH=ppc and allow changes on ARCH=powerpc"
Previous message: Eric Sandeen: "[PATCH] ecryptfs: fix string overflow on long cipher names"
In reply to: Pavel Machek: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Next in thread: Casey Schaufler: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 06 Dec 2007 15:29:07 GMT, Pavel Machek said:
>
> > Why not use SELinux?
> >
> > Because SELinux doesn't guarantee filename and its attribute.
> > The purpose of this filesystem is to ensure filename and its attribute
> > (e.g. /dev/null is guaranteed to be a character device file
> > with major=1 and minor=3).
>
> Why not improve selinux to be able to assign label of new file based
> on directory label and name?

The problem isn't the label, it's the *other* attributes...

What happens if /dev/null has the correct SELinux label, but the major/minor
is 1,27 rather than 1,3?

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Kumar Gala: "Re: [PATCH 1/7] Copy mpc-i2c to preserve support for ARCH=ppc and allow changes on ARCH=powerpc"
Previous message: Eric Sandeen: "[PATCH] ecryptfs: fix string overflow on long cipher names"
In reply to: Pavel Machek: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Next in thread: Casey Schaufler: "Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]