User: Password:
Subscribe / Log in / New account



Posted Sep 23, 2004 17:09 UTC (Thu) by mmarsh (subscriber, #17029)
In reply to: Complexity by walters
Parent article: An introduction to SELinux

That's not how I read the comment, but then I'm also not familiar with SELinux, so this may just be an incorrect reading. My impression was that Rich wanted to assign a type to a file by name and let the rules compiler figure out what the actual object is.

After poking through the documentation, it looks like I might just have been off. There are examples of specifying objects by path, and wildcards to assign a type to everything not otherwise specified.

(Log in to post comments)


Posted Sep 23, 2004 19:14 UTC (Thu) by walters (subscriber, #7396) [Link]

Oh, I guess I misunderstood what you were saying. There is a mapping from file names to contexts that SELinux uses to initialize the system. Defining this mapping is part of writing a security policy for a program.

However Rich and elanthis seemed to want to do away with types entirely and have them somehow automagically created; that doesn't make sense.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds