[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Groups in the alternative user solution

To: Daniel J Walsh <dwalsh@xxxxxxxxxx>
Subject: Re: Groups in the alternative user solution
From: Colin Walters <walters@xxxxxxxxxx>
Date: Tue, 05 Jul 2005 15:33:51 -0400
Cc: selinux@xxxxxxxxxxxxx
In-reply-to: <42CADC3F.8000206@xxxxxxxxxx>
References: <20050630191417.26186.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <42CADC3F.8000206@xxxxxxxxxx>
Sender: owner-selinux@xxxxxxxxxxxxx

On Tue, 2005-07-05 at 15:15 -0400, Daniel J Walsh wrote:

> 
> This would potentially eliminate the 1000's of file contexts files problem,
> since almost all users would map to the default user_r and user_home_t...
> for his home dir file context.

But isn't a large part of the point of this to ensure that e.g. grissom
can never access medical records stored in welby's home directory, even
if welby accidentally sets the DAC permissions to allow it?  Or is
something else in this scheme preventing that?

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: Groups in the alternative user solution
  - From: Daniel J Walsh

References:
- Re: Groups in the alternative user solution
  - From: Casey Schaufler
- Re: Groups in the alternative user solution
  - From: Daniel J Walsh

Prev by Date: Re: Groups in the alternative user solution
Next by Date: Re: Groups in the alternative user solution
Previous by thread: Re: Groups in the alternative user solution
Next by thread: Re: Groups in the alternative user solution
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.