Re: LSM-based systems and debian packages
On Tue, 2 Dec 2003 08:48, Andreas Barth <firstname.lastname@example.org> wrote:
> * Russell Coker (email@example.com) [031201 05:10]:
> > On Mon, 1 Dec 2003 07:43, Andreas Barth <firstname.lastname@example.org> wrote:
> > > What about the gettys? I'm asking this because I wrote the initial
> > > mail because of mgetty, a package where I expect some non-standard
> > > setup (though of course, I could be wrong, as I don't know much about
> > > this topic).
> Well, mgetty (and vgetty for voice) does also in addition to normal login
> - receive faxes (and can start a whole bunch of things with receiving
> faxes, like printing, forwarding per mail, ...)
> - receive voice messages (to these apply the same option as to faxes)
> - fire up pppd
> - fire up uucico
> - fire up [any custom programm, if configured by the system
This will require some new policy.
There is currently no uucp policy (it seems that no SE Linux users are using
it). For pppd something like domain_auto_trans(getty_t, pppd_exec_t, pppd_t)
should do it. For faxes and voice messages there is probably needed some
policy for fax and voice software.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page