Re: [patch 1/2] [RFC] Simple tamper-proof device filesystem.

From: Valdis . Kletnieks
Date: Tue Dec 18 2007 - 10:55:39 EST


On Thu, 06 Dec 2007 15:29:07 GMT, Pavel Machek said:
>
> > Why not use SELinux?
> >
> > Because SELinux doesn't guarantee filename and its attribute.
> > The purpose of this filesystem is to ensure filename and its attribute
> > (e.g. /dev/null is guaranteed to be a character device file
> > with major=1 and minor=3).
>
> Why not improve selinux to be able to assign label of new file based
> on directory label and name?

The problem isn't the label, it's the *other* attributes...

What happens if /dev/null has the correct SELinux label, but the major/minor
is 1,27 rather than 1,3?

Attachment: pgp00000.pgp
Description: PGP signature