Re: Experiences with selinux enabled targeted on Fedora Core 3

On Tuesday 19 April 2005 12:25, Valdis.Kletnieks@xxxxxx wrote:
> > In those cases a dontaudit rule will usually do the job.  If the file
> > system is not mounted then there's nothing that the application can
> > usefully do under the mount point and ENOENT and EACCES usually
> > get the same code paths in most applications that try to open files.
>
> In my case, actually labelling the directories correctly was the better
> fix.

For you maybe.  In a general sense it isn't.  We have no automatic system for 
using umount or mount --bind to allow labelling of such mount points and we 
can't expect most users to be able to do it.

> Personally, I'm not thrilled by the idea of sticking in dontaudit rules to
> quiet complaints at boot time that are caused by directories that are
> mislabelled.

Why not?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
