SELinux last straw
Andy Green
andy at warmcat.com
Thu Oct 18 07:28:20 UTC 2007
Somebody in the thread at some point said:
> On Wed, 2007-10-17 at 21:21 +0100, Andy Green wrote:
>> Doesn't matter if the source is local or remote, the label is decided
>> at file creation time at the destination.
>
> On that note, what sets it? Inheriting them from the parent? SELinux
> itself acting on all file saves?
Yes, where "file save" == open with O_CREAT (ie, creating the new file)
AIUI.
The knowledge about what labels to use where though is held by labels on
the parent directories. So the only reason /var/www/* -- and all who
are created in her --- are associated with httpd is the directory label:
# ll -Zd /var/www
drwxr-xr-x root root system_u:object_r:httpd_sys_content_t /var/www
-Andy
More information about the users
mailing list