From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 09 Jun 2009 06:33:09 -0400
Subject: [refpolicy] kernel_storage.patch
In-Reply-To: <1244481472.21565.454.camel@gorn>
References: <4A15730D.10405@redhat.com> <1244481472.21565.454.camel@gorn>
Message-ID: <4A2E3A65.4090801@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/08/2009 01:17 PM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 11:28 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_storage.patch
>>
>> /dev/fuse should be s0 not mls_high
>
>> From my understanding of the FUSE website, the data from the userland FS
> is transferred through this device.  Since the data may go up to system
> high, I believe the device should still be system high.
>
Making it systemhigh will generate lots of AVC messages on every login 
at X Since fusefs is mounted at ~/.gfs.  It will also make it unusable I 
believe on an MLS machine.  Mostly I have seen fusefs used for remote 
access to data.  sshfs for example.