VMWare config issue (Newbie)

Russell Coker russell at coker.com.au
Sat Jun 26 08:15:10 UTC 2004


On Sat, 26 Jun 2004 05:42, Stephen Smalley <sds at epoch.ncsc.mil> wrote:
> But I'm not clear that vmware-config.pl should be labeled vmware_exec_t
> at all (vs. bin_t).  What is the advantage of running the configuration
> script in vmware_t vs. sysadm_t?  There are no type transition rules for
> vmware_t (except for /var/run files), so it doesn't help keep the
> configuration in the right type.

Yes, vmware-config.pl should be labelled as bin_t (i.e. removed from vmware.fc).

But that's a small issue compared to all the other vmware issues.  We want to 
have support for multiple domains for vmware for different user roles, and 
the policy should be easily configurable for one user to be able to launch 
vmware in different domains for NetTop type stuff.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



More information about the fedora-selinux-list mailing list