A common VFS and a Common conf-system [Part II]
alexl at redhat.com
Thu Mar 3 19:02:05 EET 2005
On Thu, 2005-03-03 at 11:55 -0500, Sean Middleditch wrote:
> On Thu, 2005-03-03 at 17:52 +0100, Alexander Larsson wrote:
> >> I fully admit to being rather ignorant on the SELinux development
> >> interface, but that sort of behavior is possible, is it not? Would it
> >> also be possible to make the daemon utilize the client application's
> >> context for file access (similar to the fsuid in Linux) ?
> >I know you can pass around selinux contexts. I'm not sure you can do i/o
> >in a specific context though. I don't really know much about selinux.
> Guess I'll have to start doing some major reading on it, then. :)
For one, its unlikely that the vfs daemon could run something in a
context that had more priviledges than the original context the daemon
was running in.
Alexander Larsson Red Hat, Inc
alexl at redhat.com alla at lysator.liu.se
He's a Nobel prize-winning chivalrous gentleman spy whom everyone believes is
mad. She's a brilliant hip-hop socialite prone to fits of savage, blood-crazed
rage. They fight crime!
More information about the xdg