path: root/kernel
author Eric Paris <eparis@redhat.com> 2011-02-01 11:05:40 -0500
committer Eric Paris <eparis@redhat.com> 2011-02-01 11:12:30 -0500
commit 652bb9b0d6ce007f37c098947b2cc0c45efa3f66
tree 7bf76f04a1fcaa401761a9a734b94682e2ac8b8c /kernel
parent 2a7dba391e5628ad665ce84ef9a6648da541ebab
SELinux: Use dentry name in new object labeling

Currently SELinux has rules which label new objects according to 3 criteria. The label of the process creating the object, the label of the parent directory, and the type of object (reg, dir, char, block, etc.) This patch adds a 4th criteria, the dentry name, thus we can distinguish between creating a file in an etc_t directory called shadow and one called motd.

There is no file globbing, regex parsing, or anything mystical. Either the policy exactly (strcmp) matches the dentry name of the object or it doesn't.

This patch has no changes from today if policy does not implement the new rules.

Signed-off-by: Eric Paris <eparis@redhat.com>

Diffstat (limited to 'kernel')
0 files changed, 0 insertions, 0 deletions
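
The four-criteria lookup the commit message describes, as an added illustration that is not code from this commit or from the kernel: a simplified C model showing that the name is compared with strcmp only, so near-matches fall through to the existing behaviour. The struct layout, the rule table, the fallback to the parent directory's type, and every type name other than etc_t are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of a type-transition rule. Hypothetical layout,
 * not the kernel's policy database structures. */
struct trans_rule {
    const char *stype;   /* label of the creating process */
    const char *ttype;   /* label of the parent directory */
    const char *tclass;  /* object class: file, dir, chr_file, ... */
    const char *name;    /* dentry name, matched exactly; NULL = 3-criteria rule */
    const char *newtype; /* label given to the new object */
};

/* Constructed sample policy (type names other than etc_t are assumptions). */
static const struct trans_rule rules[] = {
    { "sysadm_t", "etc_t", "file", "shadow", "shadow_t"   },
    { "sysadm_t", "tmp_t", "file", NULL,     "user_tmp_t" },
};

const char *compute_type(const char *stype, const char *ttype,
                         const char *tclass, const char *name)
{
    const char *result = ttype; /* model default: inherit the directory's type */
    size_t i;

    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        const struct trans_rule *r = &rules[i];

        if (strcmp(r->stype, stype) || strcmp(r->ttype, ttype) ||
            strcmp(r->tclass, tclass))
            continue;                 /* first three criteria must all match */
        if (r->name == NULL)
            result = r->newtype;      /* classic rule, applies to any name */
        else if (strcmp(r->name, name) == 0)
            return r->newtype;        /* 4th criterion: exact match, no globbing */
    }
    return result;
}

int main(void)
{
    const char *names[] = { "shadow", "motd", "shadow.bak", "Shadow" };
    size_t i;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-10s -> %s\n", names[i],
               compute_type("sysadm_t", "etc_t", "file", names[i]));
    return 0;
}
```

In this model only the exact name `shadow` receives the distinct label; `shadow.bak` and `Shadow` are labeled like `motd`, which is the case a policy author has to account for when a program writes a temporary file and renames it into place.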