Bug link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129584

> Additional Comment #9 From Daniel Walsh (dwalsh@xxxxxxxxxx) on
> 2004-09-15 15:55
> Yes there are a lot of files that user can not access. Mainly any
> file that has a security context associated with it and doesn't have
> the attribute usercanread.
> Again I want to bring this conversation to the public list and come to
> consensus. We can add usercanread to these files, but the question
> then is should a user be able to read all files even if they are world
> readable.

I don't see why not. If you think the user should not be able to read
those files, then why aren't their permission flags set accordingly?

If a file was intended to be readable only by a certain application or
only by root then it could have had the proper user/group/rwx flags set -
this restriction could have been imposed without SELinux. If it is marked
user readable then it seems to me that any user should be able to read it
(or at least that there are no security reasons to deny it).

So why does SELinux impose restrictions on user_t that contradict this
explicit setting?

--
Ivan Gyurdiev <ivg2@xxxxxxxxxxx>
Cornell University