http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
/dev/fuse should be s0 not mls_high
On Thu, 2009-05-21 at 11:28 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
>
> /dev/fuse should be s0 not mls_high
>From my understanding of the FUSE website, the data from the userland FS
is transferred through this device. Since the data may go up to system
high, I believe the device should still be system high.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
On 06/08/2009 01:17 PM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 11:28 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
>>
>> /dev/fuse should be s0 not mls_high
>
>> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device. Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login
at X Since fusefs is mounted at ~/.gfs. It will also make it unusable I
believe on an MLS machine. Mostly I have seen fusefs used for remote
access to data. sshfs for example.