On Thu, Jan 3, 2013 at 1:32 PM, Stephen Smalley <[email protected]> wrote: > On 01/03/2013 04:08 PM, William Roberts wrote: >> >> Is their a way to change the ending inode context, the one under >> sdcard? vfat only supports one contexts correct? > > > You can't set an individual security context on a vfat file because the > filesystem type doesn't support storing per-file security attributes. No > different than uid/gid and any mode bit not supported by vfat. If you had > multiple vfat mounts, then you could label each one of them differently. > But not per-file within a mount. And they have to be mounts with separate > backing store. > > >> Just to verify, it looks like it is doing this, each inode's context >> is checked against the policy along the way, correct? > > > The inode is labeled with the appropriate context when it is created, and > then that context is used in permission checks on that inode when it is > accessed.
Ok thats what I thought, every inode access is verified which means every inode in that "chain" is checked. > -- Respectfully, William C Roberts -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
