forked from Minki/linux
652bb9b0d6
Currently SELinux has rules which label new objects according to 3 criteria. The label of the process creating the object, the label of the parent directory, and the type of object (reg, dir, char, block, etc.) This patch adds a 4th criteria, the dentry name, thus we can distinguish between creating a file in an etc_t directory called shadow and one called motd. There is no file globbing, regex parsing, or anything mystical. Either the policy exactly (strcmp) matches the dentry name of the object or it doesn't. This patch has no changes from today if policy does not implement the new rules. Signed-off-by: Eric Paris <eparis@redhat.com> |
||
---|---|---|
.. | ||
avtab.c | ||
avtab.h | ||
conditional.c | ||
conditional.h | ||
constraint.h | ||
context.h | ||
ebitmap.c | ||
ebitmap.h | ||
hashtab.c | ||
hashtab.h | ||
mls_types.h | ||
mls.c | ||
mls.h | ||
policydb.c | ||
policydb.h | ||
services.c | ||
services.h | ||
sidtab.c | ||
sidtab.h | ||
status.c | ||
symtab.c | ||
symtab.h |