On Thu, 2004-12-30 at 16:05, Mike Hearn wrote: > I have a couple of questions. The first is that in the FC3 targetted > policy, it appears that ldconfig cannot write to user_home_t directories. > Why is this? It appears to be a restriction with no purpose, and some > programs rely on this to work. In fact I see from the archives that > ldconfig not being able to write or search certain directories has come up > before. Principle of least privilege; only allow a program to do what it requires for its legitimate purpose. If it truly requires such access for legitimate purposes, then you can certainly propose adding those permissions, but be aware of potential ramifications, e.g. mis-use of permissions by the caller, corruption of ldconfig via untrustworthy input, etc. > The second question is what impact SELinux will have on third party > installers. It seems from the nVidia thread that currently if you copy > files onto the system using "cp", this is the wrong way to do it and it > will break peoples SELinux setups. This surely cannot be correct: that'd > break every pretty much every third party installer (eg Loki Setup, > etc) out there! cp only explicitly sets the security context if you pass one of the relevant options to it. Otherwise, it just follows the default behavior of creating the new file based on the domain of the creating process and the type of the parent directory (which falls back to inheriting the type on the parent directory in the absence of an explicit rule). Having cp automatically try to preserve or set context has been discussed previously, but is often not what you want and may often run into permissions problems for unprivileged callers. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
