Re: dir permissions

To: Andreas Metzler <ametzler@logic.univie.ac.at>, debian-mentors@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: dir permissions
From: Russell Coker <russell@coker.com.au>
Date: Fri, 12 Jul 2002 16:47:43 +0200
Message-id: <[🔎] 20020712144744.433FE6E2@lyta.coker.com.au>
Reply-to: Russell Coker <russell@coker.com.au>
In-reply-to: <[🔎] E17Sz7L-0000N8-00@chuzpe.logic.univie.ac.at>
References: <[🔎] E17Sz7L-0000N8-00@chuzpe.logic.univie.ac.at>

On Fri, 12 Jul 2002 14:01, Andreas Metzler wrote:
>  Michael Koch <konqueror@gmx.de> wrote:
> [packaging a game]
>
> > to make this dir writeable by the game there are two possibilities:
> > 1) adding the gamer to the group "games" or
> > 2) making /usr/games/uclient set-group-id
> >
> > What is the preferred way ?
>
> 2.
> See Policy 12.11.
>         cu andreas

For SE Linux I am thinking of making all programs in /usr/games trigger a 
domain transition to a domain that can't write to regular files in a user's 
home directory (only to user_home_games_t not user_home_t), can't kill, 
ptrace, or otherwise molest regular user processes, but can write to 
/var/games etc.

What do you think?

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.

-- 
To UNSUBSCRIBE, email to debian-mentors-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: dir permissions
  - From: Daniel Burrows <dnb114@psu.edu>

References:
- Re: dir permissions
  - From: Andreas Metzler <ametzler@logic.univie.ac.at>

Prev by Date: Re: dir permissions
Next by Date: Re: w3c-libwww_5.4.0-2 build problems
Previous by thread: Re: dir permissions
Next by thread: Re: dir permissions
Index(es):
- Date
- Thread