Re: [SE/Linux] status / progress report 13jun2004
On Fri, 18 Jun 2004 14:51, Brian May <bam@debian.org> wrote:
> >>>>> "Simon" == Simon Richter <sjr@debian.org> writes:
>
> Simon> Are these labels required for every package, or can they be
> Simon> left out for programs that are meant to be called by users
> Simon> and need no special privileges?
>
> They are required for every file, just like there are Unix permissions
> for every file.
Yes, but there are generalisations. Just as with Unix permissions you could
make all files in /bin, /sbin, /usr/sbin, and /usr/bin mode 0755 owned by
root:root and list the small number of exceptions we could have SE Linux type
labels be taken from the directory and make exceptions of the 500 or so
packages that would not fit with this.
Modifying 500 packages does not make sense though when we can more easily
modify a single package.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: