Re: LSM-based systems and debian packages
On Tue, 2 Dec 2003 08:48, Andreas Barth <aba@not.so.argh.org> wrote:
> * Russell Coker (russell@coker.com.au) [031201 05:10]:
> > On Mon, 1 Dec 2003 07:43, Andreas Barth <aba@not.so.argh.org> wrote:
> > > What about the gettys? I'm asking this because I wrote the initial
> > > mail because of mgetty, a package where I expect some non-standard
> > > setup (though of course, I could be wrong, as I don't know much about
> > > this topic).
> Well, mgetty (and vgetty for voice) does also in addition to normal login
> - receive faxes (and can start a whole bunch of things with receiving
> faxes, like printing, forwarding per mail, ...)
> - receive voice messages (to these apply the same option as to faxes)
> - fire up pppd
> - fire up uucico
> - fire up [any custom programm, if configured by the system
> administrator]
This will require some new policy.
There is currently no uucp policy (it seems that no SE Linux users are using
it). For pppd something like domain_auto_trans(getty_t, pppd_exec_t, pppd_t)
should do it. For faxes and voice messages there is probably needed some
policy for fax and voice software.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: