Re: Why can not user_t link var_lib_t files?
- From: "Göran Uddeborg" <goeran uddeborg se>
- To: Dominick Grift <domg472 gmail com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: Why can not user_t link var_lib_t files?
- Date: Sun, 17 May 2009 22:26:24 +0200
Dominick Grift writes:
> Most stuff in /var is system stuff and not for
> users. So if a user has nothing to do there then no need to give them
> access either.
>
> Stuff like /var/spool/mail/<user> is however accessible.

Most things in /var are ACCESSIBLE. The same user that could not link
the file had no problems copying it.

I was under the impression that user_u was not meant to be overly
restricted. It should not be able to do su/sudo and other kinds of
system work. But apart from that I thought it was meant to be able to
do most things regular users on non-SELinux systems can do.

That was the impression I got from
http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html
among other places. But maybe I have misunderstood things.