home dir issues w/ latest policy
Ivan Gyurdiev
ivg2 at cornell.edu
Sat Jun 11 06:37:09 UTC 2005
> Well, I used audit2allow and it said I needed:
>
> allow unconfined_t user_home_t:file execmod;
>
> So I added it to the Shared Library section
> of /etc/selinux/targeted/src/policy/domains/unconfined.te
>
> And things seem to work. :) Is this correct?
Correct ..hmm
Well, you might have a case for targeted (being un-confined),
but in strict this is definitely not ok. The proper
solution is to compile the library without text relocations.
If that is not possible, the library can be labeled texrel_shlib_t
to workaround the problem. However, there's the issue that
an unprivileged user, such as yourself, is not allowed to
label things texrel_shlib_t.
--
Ivan Gyurdiev <ivg2 at cornell.edu>
Cornell University
More information about the fedora-selinux-list
mailing list