Bug 129584: restrictions on user_t

[Ivan Gyurdiev <ivg2 cornell edu>]

Bug link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129584

> Additional Comment #9 From Daniel Walsh (dwalsh redhat com)  on 
> 2004-09-15 15:55

> Yes there are a lot of files that user can not access.  Mainly any
> file that has a security context associated with it and doesn't have
> the attribute usercanread.  

> Again I want to bring this conversation to the public list and come to
> concensus.  We can add usercanread to these files, but the question
> than is should a user be able to read all files even if they are world
> readable.

I don't see why not. If you think the user should not be able 
to read those files, then why aren't their permissions flags
set accordingly? If a file was intended to be readable only 
by a certain application or only by root then it could have had
the proper user/group/rwx flags set - this restriction could
have been imposed without SELinux. If it is marked
user readable then it seems to me that any user should
be able to read it (or at least that there are no
security reasons to deny it). So why 
does SElinux impose restrictions on user_t
that contradict this explicit setting?  

-- 
Ivan Gyurdiev <ivg2 cornell edu>
Cornell University