[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SELinux enforcing disallows opening floppy drive in Nautilus

From: Stephen Smalley <sds tycho nsa gov>
To: Ron Yorston <rmy tigress co uk>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: SELinux enforcing disallows opening floppy drive in Nautilus
Date: Wed, 12 Apr 2006 14:49:36 -0400

On Wed, 2006-04-12 at 14:43 -0400, Stephen Smalley wrote:
> > And "some process" can be as simple as umount:
> > 
> >    # ls -Z /etc/mtab
> >    -rw-r--r--  root     root     system_u:object_r:etc_runtime_t  /etc/mtab
> >    # ls -i /etc/mtab
> >    31987 /etc/mtab
> >    # umount /opt
> >    # ls -Z /etc/mtab
> >    -rw-r--r--  root     root     user_u:object_r:etc_t            /etc/mtab
> >    # ls -i /etc/mtab
> >    33358 /etc/mtab
> 
> Hmm...that's interesting.  umount should run in the same domain as
> mount, and they should thus have a type transition on etc_t:file to
> etc_runtime_t.  ls -Z /bin/umount

Looks like there is no transition defined into mount_t from
unconfined_t?  So umount and mount are just run in unconfined_t?  And
unconfined_t lacks the type transition?

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: SELinux enforcing disallows opening floppy drive in Nautilus
  - From: J. K. Cliburn

References:
- SELinux enforcing disallows opening floppy drive in Nautilus
  - From: J. K. Cliburn
- Re: SELinux enforcing disallows opening floppy drive in Nautilus
  - From: Ron Yorston
- Re: SELinux enforcing disallows opening floppy drive in Nautilus
  - From: J. K. Cliburn
- Re: SELinux enforcing disallows opening floppy drive in Nautilus
  - From: Stephen Smalley
- Re: SELinux enforcing disallows opening floppy drive in Nautilus
  - From: Ron Yorston
- Re: SELinux enforcing disallows opening floppy drive in Nautilus
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]