
Re: dir permissions



On Sat, 2002-07-13 at 02:28, Joseph Carter wrote:
> > I plan to solve that by having the following rule:
> > file_type_auto_trans(user_games_t, user_home_dir_t, user_home_games_t)
> > 
> > So when the user_games_t domain (entered by executing a games_exec_t program 
> > from the user_t domain) creates a file under the user_home_dir_t directory 
> > (the user's home dir) then a new file or directory can be created with type 
> > user_home_games_t (and user_games_t gets full access to that type).
> 
> If I have to recompile all of my games which use ~/.foorc or ~/.foo/bar
> and move everything around, I will be somewhat annoyed.  It might be a
> good thing to do anyway (I have some 200+ dotfiles/dotdirs in ~) but I will
> still be annoyed.  =)

I don't think any changes to source code or any recompilations would be
required.

Only the SELinux policy needs to be changed.

It sounds like a good idea to me; it restricts what files games can
access if they are somehow compromised.
-- 
Brian May <bam@snoopy.apana.org.au>
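
What the quoted rule amounts to in raw policy statements, as an added example that is not part of the original message or of any shipped policy. The type names come from the thread; the permission sets are assumptions chosen for illustration, since the exact expansion of file_type_auto_trans depends on the policy's macro definitions.

```selinux
# Added illustration: permission sets are assumptions, not the macro's
# exact expansion. Type attributes are omitted.

# New type for game data kept in the user's home directory.
type user_home_games_t;

# Labelling decision: an object created by user_games_t inside a
# user_home_dir_t directory is labelled user_home_games_t instead of
# inheriting the parent directory's type.
type_transition user_games_t user_home_dir_t:dir  user_home_games_t;
type_transition user_games_t user_home_dir_t:file user_home_games_t;

# The game may add and remove entries in the home directory itself...
allow user_games_t user_home_dir_t:dir { search getattr read write add_name remove_name };

# ...and has full access to objects of its own type (~/.foorc, ~/.foo/bar).
allow user_games_t user_home_games_t:dir  { create search getattr setattr read write add_name remove_name rmdir };
allow user_games_t user_home_games_t:file { create getattr setattr read write append rename unlink };

# Nothing here grants user_games_t access to other types found under the
# home directory, so a compromised game is confined to user_home_games_t.
```

The game still opens ~/.foorc by the same path, because the label is assigned by the kernel when the file is created. A type_transition only applies at creation time, so dotfiles that already exist keep their old type until they are relabelled.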

