Re: SELinux metadata protection

From: KaiGai Kohei (kaigai@private)
Date: Wed Jan 04 2006 - 08:01:38 PST

Thanks for your comments.

OK, I understand the position of the filename in SELinux.
I wanted to confirm whether it was metadata or not at first,
because it seemed a bit unclear to me.

Drop the previous two patches.

>>Casey takes a deep breath...
>>The filename is not an attribute of the file.
>>The pathname components are data contained
>>in directory entries. The association of path name
>>to inode number is one way. There is no association
>>of path name from file. Really. This is the thing
>>that makes audit hard.
>>Yes, I know "It's obvious". It's just not true.
> The world is ending because I agree with Casey on this one...
> The filename is not an attribute of the file, and we do not want this
> type of filtering on directory reads.  Use the permissions on the
> directory itself to control who can see the names it contains.  It is
> the data container for the filenames.
> Use polyinstantiation aka Multi-Level Directories aka moldy directories
> for shared directories like /tmp.

KaiGai Kohei <kaigai@private>

This archive was generated by hypermail 2.1.3 : Wed Jan 04 2006 - 08:02:55 PST