Re: SELinux last straw

Arthur Pemberton wrote:

If I asked how to determine whether or not some particular access would
be permitted or denied by the traditional unix mechanism you wouldn't
have any trouble describing how to verify it in terms of permissions
down the file path.  I'm asking the same question about SELinux.

1) familiarize oneself with the rules, as one has to do with
traditional security

But the traditional unix rules are extremely simple, and being able to understand and verify them is one of their biggest virtues.

2) or just try it and see if it is allowed or not

When something applies only to a particular process, how can you try it without running that process - which may have destructive side effects if it fails?

How, for example, would you determine if some change will make it
necessary to relabel?   How, other than running something and letting it
fail to get the log message, do you positively determine that some
specific access will be permitted or denied?

perms can be viewed with `ls` and there is some command that provides
the current settings.

How would you do it with traditional tools?

The shortcut test is to su to the user in question and try to access the file/device. The only slightly more complicated way is to walk down the path looking at the permissions for user/group/other on the file and the directories above.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx
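
The path walk described in the last paragraph of the message above, as an added example that is not part of the original post: it checks search (x) permission on each directory above the target and the requested access on the target itself, using only the user/group/other mode bits. The function names and the `start` parameter are assumptions made for this sketch; the root override, POSIX ACLs, capabilities and SELinux are not modelled.

```python
import os
import sys

BITS = {"r": 4, "w": 2, "x": 1}

def class_bits(st, uid, gids):
    """rwx triplet for this caller: owner, else group, else other.
    The first matching class wins; the classes are not OR-ed together."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def walk_path(path, uid, gids, want="r", start=os.sep):
    """Return (allowed, blocking_component) for `want` (subset of "rwx").
    Directories above the target need search (x); the target needs `want`.
    `start` (hypothetical parameter) is a directory assumed reachable already.
    Not modelled: the root override, POSIX ACLs, capabilities, SELinux."""
    need = sum(BITS[c] for c in set(want))
    target = os.path.realpath(path)
    start = os.path.realpath(start)
    chain, p = [], target
    while True:                      # collect the target and its ancestors
        chain.append(p)
        parent = os.path.dirname(p)
        if p == start or parent == p:
            break
        p = parent
    for comp in reversed(chain):     # walk from the top of the path down
        required = need if comp == target else BITS["x"]
        if class_bits(os.stat(comp), uid, gids) & required != required:
            return False, comp
    return True, None

if __name__ == "__main__":
    # Default target is only a sample; pass any path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/passwd"
    gids = set(os.getgroups()) | {os.getegid()}
    ok, where = walk_path(target, os.geteuid(), gids)
    print(target, "permitted" if ok else "denied at " + where)
```

Because it only calls stat on each component, the check can be run for any uid and group set without becoming that user or starting the process in question.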
