Odd boolean in /etc/selinux/strict/booleans?
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 31 13:09:38 UTC 2005
Ivan Gyurdiev wrote:
>>How come it's disable_games in strict/booleans, but disable_games_trans in the
>>policy?
>>
>>
>
>disable_games_trans is correct, the file's probably out of date.
>
>How come some of those booleans are set to 0 by default - doesn't
>that match the selinux policy? Is the booleans file supposed to
>override the src defaults? If so, shouldn't there be only 1s in that
>file (since the src defaults are all 0)?
>
>Also, the securitylevel app marks things "Changed" every time I toggle
>them. It seems like it would be better if it marked thigs back to
>"Unchanged" when I toggled them back, to prevent it from writing out
>every random thing I toggle into booleans.local, whether or not I change
>it back to where it was.
>
>Also, my old booleans file went to booleans.rpmsave. Does that mean that
>my booleans will be reset upon reboot? If so, should the %post script do
>something about that to address upgrade path from FC3->FC4?
>
>
>
Bad name in the installed file. It used to be disable_games. We might
want to add a
boolean back in to prevent users from running games at all. But we
would need to remove
exec_type from the attribute.
Dan
--
More information about the fedora-selinux-list
mailing list