[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: standard for executable files under /usr/share

On Wed, 19 Mar 2003 03:52, Daniel Burrows wrote:
> > Under /usr/lib:
> > /usr/lib/man-db/.+
> > /usr/lib/apt/methods/.+
> > /usr/lib/dpkg/.*
> >
> > Those are the only ones that need to be labeled.
>
>   What are the criteria for needing to be labeled?  Mozilla, xscreensaver,
> and PLT Scheme all drop executables in /usr/lib.

The default SE Linux type for files under /usr/lib is lib_t which allows 
execute access for user_t, so this is OK for most things.  Security systems 
other than SE Linux may have a problem with this.

For netscape/mozilla I have the following special cases:
/usr/lib/netscape/base-4/wrapper
/usr/lib/mozilla/reg.+

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
Reply to: