>>SELinux Mailing List

Contents

Overview

What's New

Frequently Asked Questions

Background

Documentation

License

Download

Participating

Mail List

Archive Summary

Archive by Thread

Archive by Author

Archive by Date

Archive by Subject

Remaining Work

Contributors

Related Work

Press Releases

Additional permissions that appear to be necessary

From: Justin Smith <jsmith_at_mcs.drexel.edu>
Date: 29 Jan 2002 11:51:10 -0500

This is apart from those made necessary by my own policy configuration (i.e., they probably apply to all Redhat 7.2 installations):

allow initrc_t initrc_t:socket { create };

allow kmod_t kmod_t:capability { setuid };

allow logrotate_t logrotate_t:capability { sys_pacct };

allow system_crond_t etc_t:dir { setattr write };
allow system_crond_t file_labels_t:dir { setattr };
allow system_crond_t var_lib_rpm_t:dir { add_name write };
allow system_crond_t var_lib_rpm_t:file { create read write };
allow system_crond_t var_log_t:file { setattr write };

The last 5 lines only appear after running a system for several days so that its periodic maintenance is performed.

-- 


--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Received on Tue 29 Jan 2002 - 12:00:47 EST

This message: [ Message body ]
Next message: Stephen Smalley: "Re: file labeling (was Re: applications and ports)"
Previous message: Paul Krumviede: "file labeling (was Re: applications and ports)"
Next in thread: Stephen Smalley: "Re: Additional permissions that appear to be necessary"
Reply: Stephen Smalley: "Re: Additional permissions that appear to be necessary"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:26 EDT