Re: [Libguestfs] selinux question and answer



On 12/08/09 20:04, Richard W.M. Jones wrote:
> On Wed, Aug 12, 2009 at 02:41:16PM -0400, Daniel J Walsh wrote:
>> F11, F12, F..., RHEL6 ...
>> setcon("unconfined_u:unconfined_r:unconfined_t:s0")
>>
>> RHEL5
>> setcon("user_u:system_r:unconfined_t:s0")
>>
>> Would be valid, then you do not need to worry about executing a shell.
>
> Matt maybe we want this patch after all?


Ok. We have a use case (/etc/mtab) which would be broken without this. I'd go ahead and add it.

I'm inclined to try setcon to an ordered list of targets, stopping when one works. So far, I think we've got:

1. unconfined_u:unconfined_r:unconfined_t:s0
2. user_u:system_r:unconfined_t:s0
3. system_u:object_r:unconfined_t:s0

sysadm_t was mentioned on our call yesterday as being the root login domain for an MLS policy. What's a good set for MLS?

Thanks,

Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
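
The ordered fallback proposed in the message above, as an added sketch that is not part of the original post or of the libguestfs code. The names `setcon_fn`, `setcon_first_valid` and `fake_rhel5_setcon` are hypothetical; the setter is passed in as a function pointer so the example runs without libselinux or a loaded policy, and on a real system libselinux's `setcon()` would be passed instead.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same shape as libselinux's setcon(): 0 on success, -1 with errno set. */
typedef int (*setcon_fn)(const char *context);

/* Candidate contexts, in the order listed in the message above. */
static const char *const candidates[] = {
    "unconfined_u:unconfined_r:unconfined_t:s0",
    "user_u:system_r:unconfined_t:s0",
    "system_u:object_r:unconfined_t:s0",
};
#define N_CANDIDATES (sizeof candidates / sizeof candidates[0])

/* Try each context in order. Return the index of the first one accepted,
 * or -1 (with errno from the last attempt) if every candidate is rejected. */
static int setcon_first_valid(const char *const *list, size_t n, setcon_fn set)
{
    int saved = EINVAL;
    for (size_t i = 0; i < n; i++) {
        if (set(list[i]) == 0)
            return (int)i;
        saved = errno;               /* keep errno across fprintf */
        fprintf(stderr, "setcon(%s): %s\n", list[i], strerror(saved));
    }
    errno = saved;
    return -1;
}

/* Constructed stand-in for a policy that only knows the RHEL5 context;
 * the EINVAL it reports is an assumption made for this example. */
int fake_rhel5_setcon(const char *ctx)
{
    if (strcmp(ctx, "user_u:system_r:unconfined_t:s0") == 0)
        return 0;
    errno = EINVAL;
    return -1;
}

int main(void)
{
    int idx = setcon_first_valid(candidates, N_CANDIDATES, fake_rhel5_setcon);
    printf("selected: %s\n", idx >= 0 ? candidates[idx] : "(none)");
    return idx >= 0 ? 0 : 1;
}
```

Logging each rejected candidate and returning the index that succeeded leaves a record of which domain the process actually ended up in.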

