Selinux question
Daniel J Walsh
dwalsh at redhat.com
Wed Jul 13 10:26:03 UTC 2005
Mathew Pullar wrote:
>Hi,
>I have just started to experiment with selinux and noticed the "User
>Privs" section in system-config-securitylevel-gui and unticked allow
>users to ping and allow users to read default system files. I then
>created a new normal user account to test the changes i had made.
>The new user was able to ping to and to read default system files such
>as /etc/inittab.
>I then thought perhaps relabelling was required so rebooted and
>relabeled. This however still allowed normal users to ping.
>My current selinux config is set to enabled and enforcing.
>Any help would be greatly appreciated.
>
>
>
Are you running strict policy?
default system files are files that are marked with file context
default_t. You should not
have many of them on the system.
Dan
--
More information about the fedora-list
mailing list