[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patch] screen_macros.te
On Thursday 06 January 2005 00:21, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> I would like to add a new file type cert_t for ssl cert files, since
> these are defaulted to usr_t right now.
> Shouldn't these be protected at a higher level?
Are you talking about protecting the integrity or the secrecy of data in such
files?
If integrity then anything which can write to usr_t can break the system
anyway. If secrecy then nothing in an rpm is secret anyway.
If there are certificates that have any secret data then they should be
somewhere other than under /usr.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
This mailing list archive is a service of Copilot Consulting.