selinux prelink avc's (broken paths in policy?)

Stephen Smalley sds at tycho.nsa.gov
Wed May 24 17:10:42 UTC 2006


On Wed, 2006-05-24 at 18:04 +0100, Paul Howarth wrote:
> I think the best policy, for the avoidance of confusion for people 
> writing policy modules or calling semanage in rpm post-install scripts, 
> is to encourage them to use strings that will sort as "more specific", 
> i.e. avoid metacharacters if possible, and if not, use as long a stem as 
> possible. This probably means having two separate entries for things 
> that will go under /lib or /lib64, rather than the current idiom of 
> /lib(64)?, which has a metacharacter very early in the string.

Yes, this would be desirable even in the base policy module.

-- 
Stephen Smalley
National Security Agency
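
The ordering rule discussed in this thread, as an added example that is not part of the original message and is not code from the SELinux tools. It is a simplified model of the heuristic as the quoted text states it (no metacharacters beats metacharacters, then longer stem, then longer string); the paths and type names (foo_lib_t, foo_exec_t) are constructed.

```python
import re

# Characters that end the literal "stem" of a file-context regex.
# Assumption: simplified model; a backslash-escaped character counts as literal.
META = set(".^$?*+|[({")

def stem(spec):
    """Return (literal prefix before the first metacharacter, has_meta)."""
    i = 0
    while i < len(spec):
        if spec[i] == "\\" and i + 1 < len(spec):
            i += 2                      # skip the escaped character
        elif spec[i] in META:
            return spec[:i], True
        else:
            i += 1
    return spec, False

def specificity(spec):
    """Sort key: larger means 'more specific' under the modelled heuristic."""
    literal, has_meta = stem(spec)
    return (not has_meta, len(literal), len(spec))

def label_for(path, entries):
    """Type of the most specific entry whose regex matches the whole path."""
    matches = [(s, t) for s, t in entries if re.fullmatch(s, path)]
    return max(matches, key=lambda e: specificity(e[0]))[1] if matches else None

# Constructed entries: a base rule plus a library rule for a hypothetical "foo".
BASE = [("/lib(64)?/.*", "lib_t"), ("/lib64/foo/.*", "foo_lib_t")]
# The /lib(64)? idiom: the stem stops at "(" and is only "/lib" (4 characters).
IDIOM = BASE + [("/lib(64)?/foo/bin/.*", "foo_exec_t")]
# Two separate entries, as suggested in the thread: the stem runs to "/bin/".
SPLIT = BASE + [("/lib/foo/bin/.*", "foo_exec_t"),
                ("/lib64/foo/bin/.*", "foo_exec_t")]

if __name__ == "__main__":
    path = "/lib64/foo/bin/tool"
    for name, entries in (("idiom", IDIOM), ("split", SPLIT)):
        print(name, "->", label_for(path, entries))
        for spec, _ in sorted(entries, key=lambda e: specificity(e[0])):
            print("   ", specificity(spec), spec)
```

With the /lib(64)? form, the entry that looks most specific to a reader loses to "/lib64/foo/.*" because its stem is shorter; split into two entries, it wins.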




More information about the fedora-selinux-list mailing list