Odd boolean in /etc/selinux/strict/booleans?

Daniel J Walsh dwalsh at redhat.com
Thu Mar 31 16:09:15 UTC 2005

Ivan Gyurdiev wrote:

>>Bad name in the installed file.  It used to be disable_games.  We might 
>>want to add a
>>boolean back in to prevent users from running games at all.  But we 
>>would need to remove
>>exec_type from the attribute.
>Prevent users from running games? Why do we want to do that?
>What's wrong with the current approach to doing this...namely..don't
>install any games, and then the users won't be running them.
I am thinking of the situation where you might want to users in a 
certain role allowed to play games and others not, on a shared
machine.  A more interesting example would be to disallow sysadm from 
running games, mozilla ...

Basically a user accidently runs mozilla or a game while newroled to 
sysadm.  Might be nice to have that error out.
Ordinarily a transition happens but still It would be nice to prevent this.



More information about the fedora-selinux-list mailing list