Bug 129584: restrictions on user_t
Ivan Gyurdiev
ivg2 at cornell.edu
Wed Sep 15 20:46:12 UTC 2004
Bug link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129584
> Additional Comment #9 From Daniel Walsh (dwalsh at redhat.com) on
> 2004-09-15 15:55
> Yes there are a lot of files that user can not access. Mainly any
> file that has a security context associated with it and doesn't have
> the attribute usercanread.
> Again I want to bring this conversation to the public list and come to
> concensus. We can add usercanread to these files, but the question
> than is should a user be able to read all files even if they are world
> readable.
I don't see why not. If you think the user should not be able
to read those files, then why aren't their permissions flags
set accordingly? If a file was intended to be readable only
by a certain application or only by root then it could have had
the proper user/group/rwx flags set - this restriction could
have been imposed without SELinux. If it is marked
user readable then it seems to me that any user should
be able to read it (or at least that there are no
security reasons to deny it). So why
does SElinux impose restrictions on user_t
that contradict this explicit setting?
--
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University
More information about the fedora-selinux-list
mailing list