On Thu, 17 Jan 2002, Trent Jaeger wrote:

> Should the following be changed as follows, should System.map always be a
> file, or is there something else wrong.
>
> old: allow domains boot_t:file r_file_perms;
> to: allow domains boot_t:{file lnk_file} r_file_perms;

This change is fine (except that you presumably mean 'domain' not 'domains'). This is just an oversight in the example policy. I expect that there are a number of similar omissions. Thanks for mentioning it. Please keep in mind that the example policy is just an example to help demonstrate SELinux and to provide people with a starting point. We don't view it as "complete" (indeed, "complete" is meaningless without a better definition of the target environment and the security requirements). As always, we encourage feedback and contributions to the example policy to help make it more "complete".

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com





--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.