[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: SELinux and gitosis (FC11)

From: Jonathan Stott <jonathan stott gmail com>
To: Daniel J Walsh <dwalsh redhat com>
Cc: fedora-selinux-list redhat com
Subject: Re: SELinux and gitosis (FC11)
Date: Tue, 7 Jul 2009 14:07:59 +0100

2009/7/7 Daniel J Walsh <dwalsh redhat com>:
>
> So you intended on using the guest_t user?  What does the te file created by
> audit2allow look like?
>
> I think the problem here is the guest_t user is running at s0 and trying to
> write to a fifo_file at s0-s0:c0.c1023
>
> If you take the above audit messages and run them through audit2why, what
> does the tool say?
>

It says the errors were caused by:
	Was caused by:
		Policy constraint violation.

		May require adding a type attribute to the domain or type to satisfy
the constraint.

		Constraints are defined in the policy sources in policy/constraints
(general), policy/mcs (MCS), and policy/mls (MLS).

And when I run them through audit2why gives me

#============= guest_t ==============
allow guest_t sshd_t:fifo_file write;

Which looks vaguely sane to my untrained eye.

I'm not particularly wedded to the guest user in specific, but I would
prefer it to have a minimal privilege user, since it has no need to do
anything but manage the git repositories in the home directory.

Regards
Jon

Follow-Ups:
- Re: SELinux and gitosis (FC11)
  - From: Daniel J Walsh
- Re: SELinux and gitosis (FC11)
  - From: Daniel J Walsh

References:
- Re: SELinux and gitosis (FC11)
  - From: Jonathan Stott
- Re: SELinux and gitosis (FC11)
  - From: Daniel J Walsh
- Re: SELinux and gitosis (FC11)
  - From: Jonathan Stott
- Re: SELinux and gitosis (FC11)
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]