more fine grained access in /etc
Jason L Tibbitts III
tibbs at math.uh.edu
Fri Sep 21 15:28:36 UTC 2007
>>>>> "DJW" == Daniel J Walsh <dwalsh at redhat.com> writes:
DJW> We could do something like this with attributes.
I wonder if this would help my situation with denyhosts. The problem
with denyhosts is that it needs to write to /etc/hosts.deny, which
means that from the standpoint of selinux it needs to write to etc_t,
which means it gets to write to /etc/passwd as well. I've not
bothered to even attempt to write a policy for denyhosts given that it
would be mostly pointless if it would still get to trash /etc.
- J<
More information about the fedora-selinux-list
mailing list