CD burning in FC2 - is it easier?
Russell Coker
russell at coker.com.au
Sat Mar 20 10:24:00 UTC 2004
On Sat, 20 Mar 2004 20:19, Ronny Buchmann <ronny-vlug at vlugnet.org> wrote:
> > You can't allow applications to issue raw commands without privileges
> > by either interface. Not using ide-scsi makes it much easier to handle
> > IDE burning - because the device has one name, but doesn't really deal
> > with the fact that scsi level command access allows you to do stuff like
> > 'erase firmware', which normally suggests root only is good )
>
> Shouldn't setuid root cdrecord be safe with SELinux?
SETUID means nothing to SE Linux. To allow extra privs in SE Linux you also
need a domain transition. This can be done, but then we need appropriate
policy for CD burning.
In FC2 the loose policy for user domains should permit this. But for RHEL we
need something better.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-devel-list
mailing list