[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dir permissions

On Sat, 2002-07-13 at 02:28, Joseph Carter wrote:
> > I plan to solve that by having the following rule:
> > file_type_auto_trans(user_games_t, user_home_dir_t, user_home_games_t)
> > 
> > So when the user_games_t domain (entered by executing a games_exec_t program 
> > from the user_t domain) creates a file under the user_home_dir_t directory 
> > (the user's home dir) then a new file or directory can be created with type 
> > user_home_games_t (and user_games_t gets full access to that type).
> If I have to recompile all of my games which use ~/.foorc or ~/.foo/bar
> and move everything around, I will be somewhat annoyed.  It might be a
> good thng to do anyway (I have some 200+ dotfiles/dotdirs in ~) but I will
> still be annoyed.  =)

I don't think any changes to source code or any recompilations would be

Only the selinux policy needs to be changed.

It sounds like a good idea to me, it restricts what files games can
access if they are somehow compromised.
Brian May <bam@snoopy.apana.org.au>

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: