* (no subject)
@ 2002-02-27 19:02 Metrix
2002-02-27 19:30 ` Russell Coker
2002-02-27 19:33 ` your mail Stephen Smalley
0 siblings, 2 replies; 3+ messages in thread
From: Metrix @ 2002-02-27 19:02 UTC (permalink / raw)
To: selinux
With selinux is it possible to, say, make a file or
directory unable to be viewed, deleted or moved, or
even altered, the ONLY operation allowed is
appending....is this possible to implement with
selinux?
I am a bit unsure of what MAC and such is, is there a
guide somewhere that clearly explains it?
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re:
From: Russell Coker @ 2002-02-27 19:30 UTC (permalink / raw)
To: Metrix, selinux
On Wed, 27 Feb 2002 20:02, Metrix wrote:
> With selinux is it possible to, say, make a file or
> directory unable to be viewed, deleted or moved, or
> even altered, the ONLY operation allowed is
> appending....is this possible to implement with
> selinux?
If you read macros.te in the policy directory you'll see all the operations
that are controllable.
In the rw_file_perms macro you can see that there's an "append" item to
control appending to a file separately to writing.
The ra_dir_perms macro seems to do what you want for directories.
--
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
* Re: your mail
From: Stephen Smalley @ 2002-02-27 19:33 UTC (permalink / raw)
To: Metrix; +Cc: selinux
On Wed, 27 Feb 2002, Metrix wrote:
> With selinux is it possible to, say, make a file or
> directory unable to be viewed, deleted or moved, or
> even altered, the ONLY operation allowed is
> appending....is this possible to implement with
> selinux?
You can certainly define a type, only grant append permission to it in
the policy configuration, and label a file with it.
> I am a bit unsure of what MAC and such is, is there a
> guide somewhere that clearly explains it?
I'd suggest reading the papers available from
http://www.nsa.gov/selinux/docs.html.
--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com
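
The approach described in the reply above, written out as a type enforcement fragment. This is an added example, not policy posted in the thread or shipped with SELinux; the type names audit_writer_t and appendonly_log_t are assumptions, and it assumes the domain can already search the directory that holds the file.

```te
# Added example; audit_writer_t and appendonly_log_t are hypothetical names.
type audit_writer_t;        # domain of the process that appends
type appendonly_log_t;      # type the protected file is labeled with

# Grant append and nothing else on files of this type. SELinux denies any
# permission that no allow rule grants, so read ("viewed"), unlink
# ("deleted"), rename ("moved") and write/setattr ("altered") stay denied.
# The process has to open the file with O_APPEND: an ordinary write open
# asks for the write permission, which is not granted here.
allow audit_writer_t appendonly_log_t:file { append };

# Kernels that check a separate "open" permission (introduced after this
# thread was written) need it granted as well:
# allow audit_writer_t appendonly_log_t:file { open };

# Compile-time assertion: the policy build fails if any later rule gives
# any domain one of these permissions on the type.
neverallow * appendonly_log_t:file { read write unlink rename link setattr };
```

Once the policy is loaded, the file still has to be labeled with the new type, for example with `chcon -t appendonly_log_t` followed by the file name.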