On Sunday 13 March 2005 10:50, David Hampton <hampton-rh@xxxxxxxxxxxxxxxxxxx> wrote: > This is written on an FC3 base system using the selinux-policy-strict- > sources-1.22.1-2 policy from March 11th. These are the first policies > I've submitted so I'd appreciate any comments on how to write better > policies. Any reference to user_t, user_home_t, user_home_dir_t etc in policy is a bug. Running such a program from user_t (or some other unprivileged domain) will be better for overall security than having a domain that you can transition to from sysadm_t. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
