[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: more fine grained access in /etc

From: Jason L Tibbitts III <tibbs math uh edu>
To: Daniel J Walsh <dwalsh redhat com>
Cc: fedora-selinux-list redhat com, Torbjørn Lindah
Subject: Re: more fine grained access in /etc
Date: 21 Sep 2007 10:28:36 -0500

>>>>> "DJW" == Daniel J Walsh <dwalsh redhat com> writes:

DJW> We could do something like this with attributes.

I wonder if this would help my situation with denyhosts.  The problem
with denyhosts is that it needs to write to /etc/hosts.deny, which
means that from the standpoint of selinux it needs to write to etc_t,
which means it gets to write to /etc/passwd as well.  I've not
bothered to even attempt to write a policy for denyhosts given that it
would be mostly pointless if it would still get to trash /etc.

 - J<

Follow-Ups:
- Re: more fine grained access in /etc
  - From: Daniel J Walsh

References:
- more fine grained access in /etc
  - From: Torbjørn Lindahl
- Re: more fine grained access in /etc
  - From: Daniel J Walsh
- Re: more fine grained access in /etc
  - From: Torbjørn Lindahl
- Re: more fine grained access in /etc
  - From: Daniel J Walsh
- Re: more fine grained access in /etc
  - From: Torbjørn Lindahl
- Re: more fine grained access in /etc
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]