[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: selinux prelink avc's (broken paths in policy?)
- From: Stephen Smalley <sds tycho nsa gov>
- To: Paul Howarth <paul city-fan org>
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: selinux prelink avc's (broken paths in policy?)
- Date: Wed, 24 May 2006 13:10:42 -0400
On Wed, 2006-05-24 at 18:04 +0100, Paul Howarth wrote:
> I think the best policy, for the avoidance of confusion for people
> writing policy modules or calling semanage in rpm post-install scripts,
> is to encourage them to use strings that will sort as "more specific",
> i.e. avoid metacharacters if possible, and if not, use as long a stem as
> possible. This probably means having two separate entries for things
> that will go under /lib or /lib64, rather than the current idiom of
> /lib(64)?, which has a metacharacter very early in the string.
Yes, this would be desirable even in the base policy module.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]