Ivan Gyurdiev wrote:

> On Thu, 2005-03-31 at 11:09 -0500, Daniel J Walsh wrote:
>
>> Ivan Gyurdiev wrote:
>>
>>>> Bad name in the installed file. It used to be disable_games. We might want to add a
>>>> boolean back in to prevent users from running games at all. But we would need to remove
>>>> exec_type from the attribute.
>>>
>>> Prevent users from running games? Why do we want to do that? What's wrong with the current approach to doing this...namely..don't install any games, and then the users won't be running them.
>>
>> I am thinking of the situation where you might want users in a certain role allowed to play games and others not, on a shared
>> machine. A more interesting example would be to disallow sysadm from running games, mozilla ...
>> Basically a user accidentally runs mozilla or a game while newroled to sysadm. Might be nice to have that error out.
>> Ordinarily a transition happens but still it would be nice to prevent this.
>
> I actually see SELinux as suited for the *opposite* phenomenon. Particularly, while on a legacy machine running mozilla and company as root would not be a very bright idea, on a SELinux-constrained machine it shouldn't be so bad (it's confined, how much damage can it do?).

Well actually the more I think about this, this is the job of roles. But the problem here is
not disable-trans as no exec. I think we need to maybe stop marking certain defined
domains as exec_type. To prevent all users from being able to execute the application
without a transition.

I think lots of users have had the experience of accidentally running something as root when
they did not want to. Even in your example I disable-trans for games and then accidentally
run some game as sysadm, bad things can happen.
Dan
--