
Re: [SE/Linux] status / progress report 13jun2004



On Fri, 18 Jun 2004 14:51, Brian May <bam@debian.org> wrote:
> >>>>> "Simon" == Simon Richter <sjr@debian.org> writes:
>
>     Simon> Are these labels required for every package, or can they be
>     Simon> left out for programs that are meant to be called by users
>     Simon> and need no special privileges?
>
> They are required for every file, just like there are Unix permissions
> for every file.

Yes, but there are generalisations.  Just as with Unix permissions you could 
make all files in /bin, /sbin, /usr/sbin, and /usr/bin mode 0755 owned by 
root:root and list the small number of exceptions, we could have SE Linux type 
labels be taken from the directory and make exceptions of the 500 or so 
packages that would not fit with this.

Modifying 500 packages does not make sense though when we can more easily 
modify a single package.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
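
The scheme discussed in this message (labels taken from the directory, with a central list of exceptions), sketched as an added example that is not part of the original post or of any SE Linux tool. The rule tables, the type names in them and the function names are constructed sample values, and the matching logic is a simplified model rather than the behaviour of a real labeling tool.

```python
import posixpath

# Constructed sample data: one label per directory plus per-file exceptions.
# Type names are illustrative assumptions, not taken from the thread.
DIR_DEFAULTS = {
    "/bin": "bin_t",
    "/usr/bin": "bin_t",
    "/sbin": "sbin_t",
    "/usr/sbin": "sbin_t",
}
EXCEPTIONS = {
    "/bin/login": "login_exec_t",
    "/usr/bin/passwd": "passwd_exec_t",
    "/usr/sbin/sshd": "sshd_exec_t",
}
FALLBACK = "file_t"  # hypothetical label for paths that no rule covers


def resolve_label(path):
    """Return (label, source): source is 'exception', 'directory' or 'fallback'."""
    path = posixpath.normpath(path)  # collapse "." and ".." segments first
    if path in EXCEPTIONS:
        return EXCEPTIONS[path], "exception"
    # Walk up whole path components so the nearest directory rule wins
    # and "/binfoo/tool" can never match the "/bin" rule.
    parent = posixpath.dirname(path)
    while True:
        if parent in DIR_DEFAULTS:
            return DIR_DEFAULTS[parent], "directory"
        up = posixpath.dirname(parent)
        if up == parent:  # reached the root (or "" for a relative path)
            return FALLBACK, "fallback"
        parent = up


def summarise(paths):
    """Count how many paths each kind of rule decided."""
    counts = {"exception": 0, "directory": 0, "fallback": 0}
    for p in paths:
        counts[resolve_label(p)[1]] += 1
    return counts


if __name__ == "__main__":
    sample = ["/bin/ls", "/bin/login", "/usr/sbin/sshd",
              "/usr/bin/../sbin/cron", "/binfoo/tool"]
    for p in sample:
        print(p, *resolve_label(p))
    print(summarise(sample))
```

Only the paths in the exception table need an individual entry; every other file under the listed directories is labeled by its directory rule, and all of the rules live in one place.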
