Re: dir permissions
On Fri, Jul 12, 2002 at 04:47:43PM +0200, Russell Coker <russell@coker.com.au> was heard to say:
> On Fri, 12 Jul 2002 14:01, Andreas Metzler wrote:
> > Michael Koch <konqueror@gmx.de> wrote:
> > [packaging a game]
> >
> > > to make this dir writeable by the game there are two possibilities:
> > > 1) adding the gamer to the group "games" or
> > > 2) making /usr/games/uclient set-group-id
> > >
> > > What is the preferred way ?
> >
> > 2.
> > See Policy 12.11.
> > cu andreas
>
> For SE Linux I am thinking of making all programs in /usr/games trigger a
> domain transition to a domain that can't write to regular files in a user's
> home directory (only to user_home_games_t not user_home_t), can't kill,
> ptrace, or otherwise molest regular user processes, but can write to
> /var/games etc.
A lot of games need to write to the user's home directory (eg, to
store configuration options, saved games, etc) -- aside from that, it
might be useful.
Daniel, with no idea what the context of this thread is.
--
/-------------------- Daniel Burrows <dburrows@debian.org> -------------------\
| Voodoo Programming: Things programmers do |
| that they know shouldn't work but they try |
| anyway, and which sometimes actually work, |
| such as recompiling everything. |
\----------------- The Turtle Moves! -- http://www.lspace.org ----------------/
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: