[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New policy for yam



On Sunday 13 March 2005 10:50, David Hampton <hampton-rh rainbolthampton net> 
wrote:
> This is written on an FC3 base system using the selinux-policy-strict-
> sources-1.22.1-2 policy from March 11th.  These are the first policies
> I've submitted so I'd appreciate any comments on how to write better
> policies.

Any reference to user_t, user_home_t, user_home_dir_t etc in policy is a bug.

Running such a program from user_t (or some other unprivileged domain) will be 
better for overall security than having a domain that you can transition to 
from sysadm_t.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]