SELinux Mailing List

Re: [PATCH] Gentoo-specific initrc

From: Russell Coker <russell_at_coker.com.au>
Date: Mon, 20 Sep 2004 07:04:46 +1000


On Sun, 19 Sep 2004 23:08, Chris PeBenito <pebenito@gentoo.org> wrote:
> > +allow initrc_t etc_runtime_t:dir read;
> >
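
Review bot: the added allow rule gives initrc_t only `read` on etc_runtime_t directories, which covers listing the entries but not `search` or `getattr`, so unless other rules already grant those, the init scripts could enumerate the directory yet fail to look up or stat anything inside it. If the scripts need to walk the directory, r_dir_perms would say so in one rule; if listing alone is intended, a comment stating that would help the next reader.
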
> > Your patch doesn't include any .fc entries to label a directory as
> > etc_runtime_t.
>
> This is going to appear in my types.fc patch. The directory I'm
> referring to is not specific to initrc.

What is the purpose of an etc_runtime_t directory? Currently any process that can create files as etc_runtime_t can write to a directory labelled as etc_t. Are you planning to change that?

> > +domain_auto_trans(sysadm_t,initrc_exec_t,run_init_t)
> >
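
Review bot: the domain_auto_trans line moves sysadm_t into run_init_t whenever it executes a file labelled initrc_exec_t, with no explicit step by the administrator, and nothing beside the rule explains why. A comment giving the reason would help, and since the patch is Gentoo-specific the rule should sit inside the distribution conditional if it does not already, so that policy built for other distributions is unchanged.
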
> > This isn't something I expected, I'm not sure if it's desirable to do it
> > like that but I can't think of any better way. Steve, what do you think
> > about this?
>
> Since run_init is integrated into our init script interpreter, there is
> afaik no other way to get into run_init_t since the scripts are run as
> usual (/etc/init.d/foo start).

Yes.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Received on Sun 19 Sep 2004 - 17:04:58 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 
National Security Agency / Central Security Service