[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mdadm policy

To: ivg2@xxxxxxxxxxx
Subject: Re: mdadm policy
From: Colin Walters <walters@xxxxxxxxxx>
Date: Fri, 24 Jun 2005 11:58:26 -0400
Cc: antoine <antoine@xxxxxxxxxxxxx>, SELinux <selinux@xxxxxxxxxxxxx>
In-reply-to: <1119627684.30464.8.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1119569243.9390.77.camel@localhost> <1119577846.20101.26.camel@xxxxxxxxxxxxxxxxxxxxx> <1119605711.9645.28.camel@localhost> <1119627684.30464.8.camel@xxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Fri, 2005-06-24 at 11:41 -0400, Ivan Gyurdiev wrote:

> Those rules are usually added to access /etc/fstab and
> /etc/mtab.

And all the other random libc files.

> > * self:capability dac_override ipc_lock
> This looks interesting...

Could potentially be a problem; it'd be useful to track down what part
of the code needed it.

> > * read_sysctl(mdadm_t)
> > * r_dir_file(mdadm_t, sysfs_t)

I'm not sure why your version wouldn't need this.

> > * read_locale(mdadm_t)

You probably don't need this because you're using the "C" locale, but
the Fedora default is UTF-8, so it needs access to the locale files.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

References:
- mdadm policy
  - From: antoine
- Re: mdadm policy
  - From: Ivan Gyurdiev
- Re: mdadm policy
  - From: antoine
- Re: mdadm policy
  - From: Ivan Gyurdiev

Prev by Date: RE: file contexts and modularity
Next by Date: Alternative user management approach
Previous by thread: Re: mdadm policy
Next by thread: Re: mdadm policy
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.