SELinux enforcing disallows opening floppy drive in Nautilus
Stephen Smalley
sds at tycho.nsa.gov
Fri Apr 14 15:11:24 UTC 2006
On Fri, 2006-04-14 at 10:53 -0400, Daniel J Walsh wrote:
> Please turn on restorecond
>
> chkconfig --add restorecond
> service restorecond start
>
> We are not transitioning to mount_t from unconfined_t because it causes
> lots of other problems such as
>
> mount > ~/mymounts failing etc. This is the type of problems
> restorecond is designed to fix.
Hmmm..why not create a user_mount_t domain and transition to it from
unconfined_t, and let it write to user home directory types? While
leaving mount_t alone. Then you can define a type transition on
user_mount_t etc_t:file etc_runtime_t. Relying on restorecond for
something that can be easily addressed via a type transition seems
wrong.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list