Removed vmware-config.pl from: /etc/security/selinux/src/policy/file_contexts/program/vmware.fc and relabeled. vmware-config.pl works. Is anyone aware of a SELinux + VMWare "cookbook" to implement something like NetTop? Earl --- Russell Coker <russell@xxxxxxxxxxxx> wrote: > On Sat, 26 Jun 2004 05:42, Stephen Smalley > <sds@xxxxxxxxxxxxxx> wrote: > > But I'm not clear that vmware-config.pl should be > labeled vmware_exec_t > > at all (vs. bin_t). What is the advantage of > running the configuration > > script in vmware_t vs. sysadm_t? There are no > type transition rules for > > vmware_t (except for /var/run files), so it > doesn't help keep the > > configuration in the right type. > > Yes, vmware-config.pl should be labelled as bin_t > (IE removed from vmware.fc). > > But that's a small issue compared to all the other > vmware issues. We want to > have support for multiple domains for vmware for > different user roles, and > the policy should be easily configurable for one > user to be able to launch > vmware in different domains for NetTop type stuff. > > -- > http://www.coker.com.au/selinux/ My NSA Security > Enhanced Linux packages > http://www.coker.com.au/bonnie++/ Bonnie++ hard > drive benchmark > http://www.coker.com.au/postal/ Postal SMTP/POP > benchmark > http://www.coker.com.au/~russell/ My home page > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-selinux-list > __________________________________ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail
