Not good
David Caplan
dac at tresys.com
Tue Apr 6 13:15:23 UTC 2004
Daniel J Walsh wrote:
> Gene Czarcinski wrote:
>
>>
>> I do believe that the policy packages needs some work:
>>
>> 1. Cannot be built in a private build tree (this possibly caused the
>> "policy." problem which is fixed in 1.9.2-11 ... we will see if it
>> builds in the private tree by a regular user).
>>
>>
> This is a bug caused by the user being unable to read policy_config_t
> files (file_context)
>
I'm not sure I see what the "bug" is here. A "regular user" should not
be building the policy for a system. A user should be able to build a
private copy of the policy (eg, for testing, analysis, etc), but these
files should have regular user file labels (i.e., *not* policy_config_t
or policy_src_t). Any user/domain should be able to run checkpolicy,
but much thought and consideration needs to be given as to which domains
may run checkpolicy in the checkpolicy_t domain. Maybe I'm reading too
much into this?
David
--
__________________________________
David Caplan 410 290 1411 x105
dac at tresys.com
Tresys Technology, LLC
8840 Stanford Blvd., Suite 2100
Columbia, MD 21045
More information about the fedora-selinux-list
mailing list