
Re: dir permissions



On Fri, Jul 12, 2002 at 04:47:43PM +0200, Russell Coker <russell@coker.com.au> was heard to say:
> On Fri, 12 Jul 2002 14:01, Andreas Metzler wrote:
> >  Michael Koch <konqueror@gmx.de> wrote:
> > [packaging a game]
> >
> > > to make this dir writeable by the game there are two possibilities:
> > > 1) adding the gamer to the group "games" or
> > > 2) making /usr/games/uclient set-group-id
> > >
> > > What is the preferred way?
> >
> > 2.
> > See Policy 12.11.
> >         cu andreas
> 
> For SE Linux I am thinking of making all programs in /usr/games trigger a 
> domain transition to a domain that can't write to regular files in a user's 
> home directory (only to user_home_games_t not user_home_t), can't kill, 
> ptrace, or otherwise molest regular user processes, but can write to 
> /var/games etc.

  A lot of games need to write to the user's home directory (eg, to
store configuration options, saved games, etc) -- aside from that, it
might be useful.

  Daniel, with no idea what the context of this thread is.

-- 
/-------------------- Daniel Burrows <dburrows@debian.org> -------------------\
|                 Voodoo Programming: Things programmers do                   |
|                 that they know shouldn't work but they try                  |
|                 anyway, and which sometimes actually work,                  |
|                 such as recompiling everything.                             |
\----------------- The Turtle Moves! -- http://www.lspace.org ----------------/

