Re: Odd boolean in /etc/selinux/strict/booleans?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ivan Gyurdiev wrote:

Bad name in the installed file. It used to be disable_games. We might want to add a
boolean back in to prevent users from running games at all. But we would need to remove
exec_type from the attribute.



Prevent users from running games? Why do we want to do that?
What's wrong with the current approach to doing this...namely..don't
install any games, and then the users won't be running them.



I am thinking of the situation where you might want to users in a certain role allowed to play games and others not, on a shared
machine. A more interesting example would be to disallow sysadm from running games, mozilla ...

Basically a user accidently runs mozilla or a game while newroled to sysadm. Might be nice to have that error out.
Ordinarily a transition happens but still It would be nice to prevent this.

Dan

--


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux