Advice for installing test2 if you are going to be saving files
Russell Coker
russell at coker.com.au
Sun Apr 4 10:02:38 UTC 2004
On Sun, 4 Apr 2004 17:52, Brian Bober <netdemonz at yahoo.com> wrote:
> --- Russell Coker <russell at coker.com.au> wrote:
> > they have the same policy. If one installation of SE Linux has a user
> > entry for account netdemonz then any files you create will have the
> > context netdemonz:object_r:user_home_t (or something similar). If you
> > then boot a copy of SE Linux without a user entry for netdemonz then
> > those files will be unlabeled (and not accessible to non-admin users).
>
> This won't mean that if you are trying to recover a disk that won't boot,
> or something, that you might not have access to your stuff if you can't

If you are recovering a damaged installation then you will do so as
sysadm_r:sysadm_t, and therefore you can access all files.

One thing to note about recovery is that there may be files with bad labels.
For example, if a machine has a file in a user home dir with type
chkpwd_exec_t or the type of some other file that will trigger a transition
to a domain that has access to /etc/shadow then it's a problem. Like having
a SETUID root binary. Of course if you mount it in single-user mode it won't
necessarily be an issue, and you can use the context= mount option.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
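
An added example, not part of the original message: a check for the bad-label case described above, flagging files under a home tree whose SELinux type looks like a domain entry point. It assumes the common *_exec_t naming convention for such types; the mount point /mnt/recovery and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Input: lines of "<context> <path>", the format GNU find emits with
#   find /mnt/recovery/home -xdev -type f -printf '%Z %p\n'
# (/mnt/recovery is a hypothetical mount point for the recovered disk).

flag_entrypoint_labels() {
    # $1 = path prefix to audit, e.g. /mnt/recovery/home/
    awk -v prefix="$1" '
    {
        ctx = $1
        path = substr($0, length(ctx) + 2)   # keeps paths containing spaces
        if (index(path, prefix) != 1) next   # only files under the prefix
        n = split(ctx, f, ":")               # user:role:type[:level]
        if (n < 3) next                      # not a full context, skip
        t = f[3]
        # Assumption: entry-point types follow the *_exec_t convention.
        if (t ~ /_exec_t$/) print t "\t" path
    }'
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
cat <<'EOF'
netdemonz:object_r:user_home_t /mnt/recovery/home/netdemonz/notes.txt
system_u:object_r:chkpwd_exec_t /mnt/recovery/home/netdemonz/bin/helper
system_u:object_r:chkpwd_exec_t /mnt/recovery/sbin/unix_chkpwd
netdemonz:object_r:user_home_t /mnt/recovery/home/netdemonz/my file
EOF
}

# Only the entry-point label inside the home tree is reported.
sample_listing | flag_entrypoint_labels /mnt/recovery/home/
```

The listing has to come from a mount that exposes the on-disk labels; a filesystem mounted with context= reports the single mount-wide label for every file.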