Re: standard for executable files under /usr/share
On Wed, 19 Mar 2003 03:52, Daniel Burrows wrote:
> > Under /usr/lib:
> > /usr/lib/man-db/.+
> > /usr/lib/apt/methods/.+
> > /usr/lib/dpkg/.*
> >
> > Those are the only ones that need to be labeled.
>
> What are the criteria for needing to be labeled? Mozilla, xscreensaver,
> and PLT Scheme all drop executables in /usr/lib.
The default SE Linux type for files under /usr/lib is lib_t which allows
execute access for user_t, so this is OK for most things. Security systems
other than SE Linux may have a problem with this.
For netscape/mozilla I have the following special cases:
/usr/lib/netscape/base-4/wrapper
/usr/lib/mozilla/reg.+
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: