Odd boolean in /etc/selinux/strict/booleans?

Daniel J Walsh dwalsh at redhat.com
Thu Mar 31 13:09:38 UTC 2005


Ivan Gyurdiev wrote:

>>How come it's disable_games in strict/booleans, but disable_games_trans in the
>>policy?
>>    
>>
>
>disable_games_trans is correct, the file's probably out of date.
>
>How come some of those booleans are set to 0 by default - doesn't 
>that match the selinux policy? Is the booleans file supposed to
>override the src defaults? If so, shouldn't there be only 1s in that
>file (since the src defaults are all 0)?
>
>Also, the securitylevel app marks things "Changed" every time I toggle
>them. It seems like it would be better if it marked thigs back to
>"Unchanged" when I toggled them back, to prevent it from writing out
>every random thing I toggle into booleans.local, whether or not I change
>it back to where it was.
>
>Also, my old booleans file went to booleans.rpmsave. Does that mean that
>my booleans will be reset upon reboot? If so, should the %post script do
>something about that to address upgrade path from FC3->FC4?
>
>  
>
Bad name in the installed file.  It used to be disable_games.  We might 
want to add a
boolean back in to prevent users from running games at all.  But we 
would need to remove
exec_type from the attribute.

Dan

-- 





More information about the fedora-selinux-list mailing list