
Re: Proposal: Improving SELinux <--> user interaction on Fedora - Kerneloops for SELinux



On Thu, 17 Jul 2008, Daniel J Walsh wrote:

> We have just added a new access called open.  Before we had only
> read/write.  You could get read/write errors from open file descriptors
> being passed around as explained above.  useradd dwalsh > ~/myhome  will
> generate a read/write avc.  This is not something to worry about;
> however, if named suddenly got an "open" avc on user_home_t, you know you
> have a problem, since named should never be opening files in the homedir.

Btw, for those that missed it, I covered the new open perm here:
http://james-morris.livejournal.com/31714.html

One effect of this is that I think you could say it makes SELinux a 
lot more Unix-y.


- James
-- 
James Morris
<jmorris namei org>
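
As an added example (not part of the original message or of any SELinux tool), the following script triages AVC denials by whether they include the open permission, following the distinction drawn in the quoted text. The audit records are constructed samples, and the function names and verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample audit records (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1216300000.101:41): avc:  denied  { read write } for  pid=2101 comm="useradd" path="/home/dwalsh/myhome" dev=dm-0 ino=1201 scontext=system_u:system_r:useradd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1216300050.202:42): avc:  denied  { read open } for  pid=1877 comm="named" name="notes.txt" dev=dm-0 ino=1305 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1216300090.303:43): avc:  denied  { getattr } for  pid=1877 comm="named" path="/var/named/zone.db" dev=dm-0 ino=1410 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:named_zone_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def triage(log_text):
    """Classify each AVC denial by whether the open permission was involved."""
    results = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        perms = set(m.group("perms").split())
        if "open" in perms:
            # The source domain itself tried to open the object.
            verdict = "opened-by-domain"
        elif perms & {"read", "write", "append"}:
            # Heuristic from the message: read/write without open usually
            # means a descriptor that was inherited or passed in.
            verdict = "likely-inherited-fd"
        else:
            verdict = "other"
        results.append({
            "comm": m.group("comm"),
            "source": selinux_type(m.group("scontext")),
            "target": selinux_type(m.group("tcontext")),
            "perms": sorted(perms),
            "verdict": verdict,
        })
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["verdict"]:20} {r["source"]} -> {r["target"]} {r["perms"]}')
```
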

