Is there a way to set default MCS labels for file creation?
James Morris
jmorris at namei.org
Sat Jun 23 15:15:11 UTC 2007
On Fri, 22 Jun 2007, Bruno Wolff III wrote:
> On Thu, Jun 21, 2007 at 16:18:43 -0500,
> Bruno Wolff III <bruno at wolff.to> wrote:
> > Is there a way to set a default set of labels for newly created files
> > based on file paths or role?
>
> I found information stating the default type comes from the type of the
> directory in which the file is created,
Not for MCS labels, though. MCS labels can't currently be applied to
directories, although the potentially could, and then files created under
the directories could receive MCS labels based upon the parent directory
and the creating process. The idea was to keep it as absolutely simple as
possible and for users to explicitly label each object with MCS labels (so
there are no inheritance semantics, for example).
This whole area is under review, and there's been some discussion of using
TE for user labeling (cc'd Karl and Stephen).
- James
--
James Morris
<jmorris at namei.org>
More information about the selinux
mailing list