On 02/17/2010 03:27 AM, ESGLinux wrote:
ESG, take a step back and explain to us what process is creating these files. What processes are you trying to prevent from reading these files?
Any process that can create a file, touch, vim...
Who is creating the files?
Any user that can log in to the system.
If it is one process creating the files then you can add SELinux awareness to the tool and get the files created with the "correct" context.
Hope my answer explains the problem a bit more
Thanks
ESG
What is the security separation on the files then? Can you give me more of a definition of what these files are?
Are you trying to allow a file to be created and depending on its name, it can be shared by a confined service?
You have not explained what your security goal is.
I'll try to explain.
I have a big directory with thousands of files. All of these files match a pattern in the file name (files that don't match don't matter). What I want is that when a new file is created, the users or groups that can access the file are already fixed (it is like putting g+s on a directory and all the files created have the directory group).
What I want, is to simulate this: http://en.wikipedia.org/wiki/Resource_Access_Control_Facility
Look at this: "In addition to being one of the most mature and scalable security monitors in computing, it has some interesting features that are not often found in Microsoft Windows (http://en.wikipedia.org/wiki/Microsoft_Windows) or Unix (http://en.wikipedia.org/wiki/Unix) environments. It can, for example, set permissions for file patterns — that is, set the permissions even for files that do not yet exist"
Is this possible to simulate with SELinux, or am I totally wrong?
I hope it is clearer now
Greetings and thanks for your answers
ESG