Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux
James Morris
jmorris at namei.org
Sat Jul 19 08:16:41 UTC 2008
On Thu, 17 Jul 2008, Daniel J Walsh wrote:
> We have just added a new access called open. Before we had only
> read/write. You could get read/write errors from open file descriptors
> being passed around as explained above. useradd dwalsh > ~/myhome will
> generate a read/write avc. This is not something to worry about;
> however, if named suddenly got an "open" avc on user_home_t, you know you
> have a problem, since named should never be opening files in the homedir.
Btw, for those that missed it, I covered the new open perm here:
http://james-morris.livejournal.com/31714.html
One effect of this is that I think you could say it makes SELinux a
lot more Unix-y.
- James
--
James Morris
<jmorris at namei.org>