VMWare config issue (Newbie)
Earl
unorlist at yahoo.com
Mon Jun 28 16:10:49 UTC 2004
Removed vmware-config.pl from:
/etc/security/selinux/src/policy/file_contexts/program/vmware.fc
and relabeled. vmware-config.pl works.
Is anyone aware of a SELinux + VMWare "cookbook" to
implement something like NetTop?
Earl
--- Russell Coker <russell at coker.com.au> wrote:
> On Sat, 26 Jun 2004 05:42, Stephen Smalley
> <sds at epoch.ncsc.mil> wrote:
> > But I'm not clear that vmware-config.pl should be
> labeled vmware_exec_t
> > at all (vs. bin_t). What is the advantage of
> running the configuration
> > script in vmware_t vs. sysadm_t? There are no
> type transition rules for
> > vmware_t (except for /var/run files), so it
> doesn't help keep the
> > configuration in the right type.
>
> Yes, vmware-config.pl should be labelled as bin_t
> (IE removed from vmware.fc).
>
> But that's a small issue compared to all the other
> vmware issues. We want to
> have support for multiple domains for vmware for
> different user roles, and
> the policy should be easily configurable for one
> user to be able to launch
> vmware in different domains for NetTop type stuff.
>
> --
> http://www.coker.com.au/selinux/ My NSA Security
> Enhanced Linux packages
> http://www.coker.com.au/bonnie++/ Bonnie++ hard
> drive benchmark
> http://www.coker.com.au/postal/ Postal SMTP/POP
> benchmark
> http://www.coker.com.au/~russell/ My home page
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
>
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
More information about the fedora-selinux-list
mailing list