SELinux: create new open permission
Adds a new open permission inside SELinux when 'opening' a file. The idea is that opening a file and reading/writing to that file are not the same thing. Its different if a program had its stdout redirected to /tmp/output than if the program tried to directly open /tmp/output. This should allow policy writers to more liberally give read/write permissions across the policy while still blocking many design and programing flaws SELinux is so good at catching today. Signed-off-by: NEric Paris <eparis@redhat.com> Acked-by: NStephen Smalley <sds@tycho.nsa.gov> Reviewed-by: NPaul Moore <paul.moore@hp.com> Signed-off-by: NJames Morris <jmorris@namei.org>
Showing
想要评论请 注册 或 登录