latest policy: in.comsat, dbskkd-cdb, ktalkd, ..
Tom London
selinux at comcast.net
Tue Aug 24 14:17:48 UTC 2004
Russell,
Understood. Let me dig into it.
tom
> ------------------------------------------------------------------------
>
> * /From/: Russell Coker <russell coker com au>
>
> ------------------------------------------------------------------------
>
>On Tue, 24 Aug 2004 02:04, Stephen Smalley <sds epoch ncsc mil> wrote:
>> On Mon, 2004-08-23 at 11:31, Tom London wrote:
>> > Latest Rawhide policy seems to 'reverse the labeling' of programs
>> > started from xinetd, like in.comsat, ... (strict/enforcing)
>>
>> inetd.fc entries removed at Russell's request, as the inetd_child_t
>> domain wasn't sufficient anyway to allow those programs to run properly,
>> and labeling them inetd_child_exec_t merely masked the lack of proper
>> security domains for those programs and encouraged bleeding permissions
>> into inetd_child_t.
>
>Some of those programs need to have policy written for them. Some need to be
>re-written, reconfigured, or replaced. At least now they won't be forgotten.
>
>Tom, if you would like to contribute policy for any of these...
>
More information about the fedora-selinux-list
mailing list