Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListQuestion: ROLE_file_type vs customizable
From: Ivan Gyurdiev <ivg2_at_cornell.edu>
Date: Thu, 14 Apr 2005 16:20:06 -0400
Here are all the allow rules associated with $1_file_type. Why is gpg able to write to every file type marked with this attribute?
allow sysadm_gpg_t sysadm_file_type:dir { read getattr lock search ioctl
add_name remove_name write };
allow user_file_type user_home_t:filesystem associate; allow staff_gpg_t staff_file_type:dir { read getattr lock search ioctl add_name remove_name write }; allow staff_gpg_t staff_file_type:file { create ioctl read getattr lockwrite setattr append link unlink rename }; allow staff_gpg_t staff_file_type:lnk_file { create read getattr setattr link unlink rename }; allow staff_locate_t { home_root_t staff_home_dir_t staff_file_type }:dir { getattr search }; allow staff_locate_t staff_file_type:{ file lnk_file } { getattr read }; allow staff_file_type staff_home_t:filesystem associate; -- Ivan Gyurdiev <ivg2@cornell.edu> Cornell University -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Thu 14 Apr 2005 - 16:17:46 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |