Odd boolean in /etc/selinux/strict/booleans?
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 31 16:09:15 UTC 2005
Ivan Gyurdiev wrote:
>>Bad name in the installed file. It used to be disable_games. We might
>>want to add a
>>boolean back in to prevent users from running games at all. But we
>>would need to remove
>>exec_type from the attribute.
>Prevent users from running games? Why do we want to do that?
>What's wrong with the current approach to doing this...namely..don't
>install any games, and then the users won't be running them.
I am thinking of the situation where you might want users in a
certain role allowed to play games and others not, on a shared
machine. A more interesting example would be to disallow sysadm from
running games, mozilla ...
Basically a user accidentally runs mozilla or a game while newroled to
sysadm. Might be nice to have that error out.
Ordinarily a transition happens, but still it would be nice to prevent this.
More information about the fedora-selinux-list