Security Enhanced Linux
SELinux Mailing List
Re: sysadm home label
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 14 Mar 2005 08:11:40 -0500
I think that this happened when genhomedircon was introduced, as it simply generates the types based on the first role listed in the users file for the user. Hence, you could move sysadm_r first in the list for root to cause genhomedircon to instead apply sysadm_home*_t to /root. However, you would then need to decide what if anything you want to do about appconfig/root_default_contexts, as gdm and sshd logins by root currently default to staff_t and will thus encounter denials (likely fatal for a gdm session, but not for sshd - you can then just newrole to sysadm_r). Of course, gdm and sshd logins by root aren't such a good idea anyway...
> 2) If it should stay at staff_home_t, why can't I typealias

Right, if /root stays staff_home*_t, then sysadm_home*_t is unused and the dontaudit rules for it should be remapped to staff_home*_t.

--
Stephen Smalley <sds@tycho.nsa.gov>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Mon 14 Mar 2005 - 08:24:55 EST
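The first-role rule described in the message above can be modelled as follows. This is an added example, not part of the original post and not genhomedircon's own code. The users-file lines are constructed, and the `<prefix>_home_dir_t` / `<prefix>_home_t` names are an assumed expansion of the `staff_home*_t` shorthand used in the message.

```python
import re

# Constructed sample in the style of a policy "users" file (assumption).
USERS_SAMPLE = """\
# root lists staff_r first, so /root is labelled with staff types
user root roles { staff_r sysadm_r };
user alice roles user_r;
"""

# Matches "user NAME roles { r1 r2 };" or "user NAME roles r1;"
USER_RE = re.compile(r"^\s*user\s+(\S+)\s+roles\s+(?:\{([^}]*)\}|(\S+))\s*;")

def first_roles(users_text):
    """Map each user to the first role listed for it."""
    result = {}
    for line in users_text.splitlines():
        m = USER_RE.match(line.split("#", 1)[0])  # ignore comments
        if not m:
            continue
        roles = (m.group(2) or m.group(3)).split()
        if roles:
            result[m.group(1)] = roles[0]
    return result

def home_types(role):
    """Derive (directory type, content type) from a role name (assumed naming)."""
    prefix = role[:-2] if role.endswith("_r") else role
    return f"{prefix}_home_dir_t", f"{prefix}_home_t"

def root_home_types(users_text):
    """Types a first-role generator would apply to /root."""
    return home_types(first_roles(users_text)["root"])

def promote_role(users_text, user, role):
    """Return users_text with `role` moved first in `user`'s role list."""
    out = []
    for line in users_text.splitlines():
        m = USER_RE.match(line)
        if m and m.group(1) == user and m.group(2):
            roles = m.group(2).split()
            if role in roles:
                roles.remove(role)
                roles.insert(0, role)
                line = f"user {user} roles {{ {' '.join(roles)} }};"
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print("before:", root_home_types(USERS_SAMPLE))
    print("after: ", root_home_types(promote_role(USERS_SAMPLE, "root", "sysadm_r")))
```

Reordering the roles changes only the generated home directory labels; the default login contexts for root mentioned in the message are a separate setting and are not touched by this model.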
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |