latest policy: in.comsat, dbskkd-cdb, ktalkd, ...

Stephen Smalley sds at epoch.ncsc.mil
Mon Aug 23 16:04:31 UTC 2004


On Mon, 2004-08-23 at 11:31, Tom London wrote:
> Latest Rawhide policy seems to 'reverse the labeling' of programs
> started from xinetd, like in.comsat, ... (strict/enforcing)

inetd.fc entries removed at Russell's request, as the inetd_child_t
domain wasn't sufficient anyway to allow those programs to run properly,
and labeling them inetd_child_exec_t merely masked the lack of proper
security domains for those programs and encouraged bleeding permissions
into inetd_child_t.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the fedora-selinux-list mailing list