[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: home dir issues w/ latest policy

From: Ivan Gyurdiev <ivg2 cornell edu>
To: Bob Kashani <bobk ocf berkeley edu>
Cc: fedora-selinux-list redhat com
Subject: Re: home dir issues w/ latest policy
Date: Sat, 11 Jun 2005 02:37:09 -0400

> Well, I used audit2allow and it said I needed:
> 
> allow unconfined_t user_home_t:file execmod;
> 
> So I added it to the Shared Library section
> of /etc/selinux/targeted/src/policy/domains/unconfined.te
> 
> And things seem to work. :) Is this correct?

Correct ..hmm

Well, you might have a case for targeted (being un-confined), 
but in strict this is definitely not ok. The proper
solution is to compile the library without text relocations.
If that is not possible, the library can be labeled texrel_shlib_t
to workaround the problem. However, there's the issue that 
an unprivileged user, such as yourself, is not allowed to
label things texrel_shlib_t. 

-- 
Ivan Gyurdiev <ivg2 cornell edu>
Cornell University

References:
- home dir issues w/ latest policy
  - From: Bob Kashani
- Re: home dir issues w/ latest policy
  - From: Ivan Gyurdiev
- Re: home dir issues w/ latest policy
  - From: Ivan Gyurdiev
- Re: home dir issues w/ latest policy
  - From: Bob Kashani
- Re: home dir issues w/ latest policy
  - From: Ivan Gyurdiev
- Re: home dir issues w/ latest policy
  - From: Bob Kashani

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]