[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: SELinux enforcing disallows opening floppy drive in Nautilus
- From: Stephen Smalley <sds tycho nsa gov>
- To: Daniel J Walsh <dwalsh redhat com>
- Cc: jcliburn gmail com, fedora-selinux-list redhat com
- Subject: Re: SELinux enforcing disallows opening floppy drive in Nautilus
- Date: Fri, 14 Apr 2006 11:11:24 -0400
On Fri, 2006-04-14 at 10:53 -0400, Daniel J Walsh wrote:
> Please turn on restorecond
>
> chkconfig --add restorecond
> service restorecond start
>
> We are not transitioning to mount_t from unconfined_t because it causes
> lots of other problems such as
>
> mount > ~/mymounts failing etc. This is the type of problems
> restorecond is designed to fix.
Hmmm..why not create a user_mount_t domain and transition to it from
unconfined_t, and let it write to user home directory types? While
leaving mount_t alone. Then you can define a type transition on
user_mount_t etc_t:file etc_runtime_t. Relying on restorecond for
something that can be easily addressed via a type transition seems
wrong.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]