New policy for yam
Russell Coker
russell at coker.com.au
Thu Apr 21 15:18:33 UTC 2005
On Sunday 13 March 2005 10:50, David Hampton <hampton-rh at rainbolthampton.net>
wrote:
> This is written on an FC3 base system using the selinux-policy-strict-
> sources-1.22.1-2 policy from March 11th. These are the first policies
> I've submitted so I'd appreciate any comments on how to write better
> policies.
Any reference to user_t, user_home_t, user_home_dir_t etc in policy is a bug.
Running such a program from user_t (or some other unprivileged domain) will be
better for overall security than having a domain that you can transition to
from sysadm_t.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list