[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: get the red and green back (really consoletype, rhgb)

From: Russell Coker <russell coker com au>
To: fedora-selinux-list redhat com, Tom London <selinux gmail com>
Cc:
Subject: Re: get the red and green back (really consoletype, rhgb)
Date: Thu, 23 Sep 2004 04:29:36 +1000

On Sat, 18 Sep 2004 04:35, Tom London <selinux gmail com> wrote:
> Need this in rhgb.te:
>
> --- /etc/selinux/strict/src-1.17.18-1/policy/domains/program/rhgb.te
>  2004-09-17 11:32:00.886510890 -0700
> +++ ./rhgb.te   2004-09-17 11:33:42.601099238 -0700
> @@ -34,7 +34,7 @@
>  allow insmod_t rhgb_t:fd use;
>
>  allow rhgb_t ramfs_t:filesystem { mount unmount };
> -allow rhgb_t root_t:dir { mounton };
> +allow rhgb_t { root_t mnt_t }:dir { mounton };
>  allow rhgb_t rhgb_t:capability { sys_admin };
>  dontaudit rhgb_t var_run_t:dir { search };
>
> Otherwise can't mount....

Does it still need access to mount on type root_t?

RHGB doesn't work for me at the moment due to other errors so I can't test.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Follow-Ups:
- Re: get the red and green back (really consoletype, rhgb)
  - From: Daniel J Walsh

References:
- get the red and green back (really consoletype, rhgb)
  - From: Tom London
- Re: get the red and green back (really consoletype, rhgb)
  - From: Tom London
- Re: get the red and green back (really consoletype, rhgb)
  - From: Tom London

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]