selinux equivalent of umask or setuid bit
Stephen Smalley
sds at tycho.nsa.gov
Thu Feb 9 16:18:57 UTC 2012
On Thu, 2012-02-09 at 07:59 -0500, Edward Ned Harvey wrote:
> Just like the people who rsh as root into another system, I understand
> that in many situations you wouldn't want something like this, but
> hypothetically supposing you did...
>
>
>
> If there is a directory in your system, and you want all new files
> created in that directory to inherit the context type of the parent
> folder, is there a way to do that? Something like the selinux
> equivalent of the setgid bit?
That's the default behavior.
> or...
>
> If you are going to do something a moment from now which will create
> some files, and you want them to be created with a specific context
> type, is there a way to do that? Something like the selinux
> equivalent of umask?
That would be setfscreatecon(3) in libselinux. Specifies the security
context to set on subsequent file creations.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list