We are working on the Fedora SELinux FAQ
John Reiser
jreiser at bitwagon.com
Sat Jan 23 17:46:36 UTC 2010
> http://sradvan.fedorapeople.org/SELinux_FAQ/#id2654720
Q: What is the patent status of SELinux? List all the patents and
patent applications that are "owned by SELinux." List those that
were consciously avoided or worked-around. Give the citations
which constitute prior art to protect the un-patented aspects.
Q: Is 'tar' the only Fedora-packaged file manipulator that is SELinux
aware? All of the following apps ignore file contexts, and thus
do not "interoperate" with SELinux (do not preserve context labels):
    cp
    cp -a
    cpio
    rsync   # even with local pathnames only
    zip/unzip, gzip, bzip2, 7zip, lzma, xz
    sccs, rcs, cvs, svn, mercurial (hg), git, perforce
    any user-level network protocol: file://, ftp://, http://
        (therefore: rsync, curl, wget, ftp, sftp, scp, ...)
Q: Do file context labels and policy access rules form a "stationary
process", such that the only things that matter are the most-recent
label and the current policy; any previous history has no effect?
Therefore omitting intermediate policy updates, reverting and
applying different intermediate policy, applying restorecontext
or re-labelling at any time, etc., do not matter? In particular,
re-labelling is idempotent: if done two times in succession
then the second time changes nothing? Also, if two different
machines have the same SELinux policy installed [rpm -q], no
[current] local changes to policy, and have just done a relabel,
then is the on-disk representation bit-for-bit identical?
Q: I have a hard drive partition with a mounted and readonly
4.5GB ext2/ext3/ext4 filesystem with non-default file context labels.
I want to clone this filesystem onto a DVD-ROM, mount the replicated
DVD-ROM on multiple other systems, and get the same behavior
on the replicated systems as on the original system. How?