Stephen Smalley wrote:
> On Fri, 2006-04-14 at 10:53 -0400, Daniel J Walsh wrote:
>> Please turn on restorecond
>> chkconfig --add restorecond
>> service restorecond start
>> We are not transitioning to mount_t from unconfined_t because it causes
>> lots of other problems such as
>> mount > ~/mymounts failing etc. This is the type of problem
>> restorecond is designed to fix.
>
> Hmmm... why not create a user_mount_t domain and transition to it from
> unconfined_t, and let it write to user home directory types? While
> leaving mount_t alone. Then you can define a type transition on
> user_mount_t etc_t:file etc_runtime_t. Relying on restorecond for
> something that can be easily addressed via a type transition seems
> wrong.

You can do that but I would suggest you create an unconfined_mount_t and
allow it everything unconfined_t can do. Otherwise we end up with
people mounting files in random places or outputting mount >>
/var/mounts whatever. I think very few userspace tools should
transition, because when they do we end up with lots of bug reports.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
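
The type-transition alternative proposed in the quoted message, written out as a policy module covering the two transitions and the access they need. This is an added example, not policy from the thread or from the Fedora policy; `user_mount_t` is the hypothetical domain named there, and the other type, role and attribute names are assumed to match the base policy.

```selinux
# Added sketch, not policy from the thread. user_mount_t is the hypothetical
# domain named in the quoted proposal; every other type, role and attribute
# is assumed to exist under this name in the loaded base policy.
module user_mount 1.0;

require {
    type unconfined_t;
    type mount_exec_t;
    type etc_t;
    type etc_runtime_t;
    type user_home_t;
    role unconfined_r;
    attribute domain;
    class process transition;
    class fd use;
    class file { create getattr open read write append rename unlink link lock execute entrypoint };
    class dir { getattr search write add_name remove_name };
}

type user_mount_t;
typeattribute user_mount_t domain;
# Without this role/type association the new context is invalid and exec fails.
role unconfined_r types user_mount_t;

# Domain transition: unconfined_t executing the mount binary enters
# user_mount_t, leaving the existing mount_t domain untouched.
type_transition unconfined_t mount_exec_t:process user_mount_t;
allow unconfined_t mount_exec_t:file { getattr open read execute };
allow unconfined_t user_mount_t:process transition;
allow user_mount_t mount_exec_t:file entrypoint;

# File type transition: files user_mount_t creates in etc_t directories
# (for example /etc/mtab and its temporary and lock files) are labelled
# etc_runtime_t at creation, so nothing has to relabel them afterwards.
type_transition user_mount_t etc_t:file etc_runtime_t;
allow user_mount_t etc_t:dir { getattr search write add_name remove_name };
allow user_mount_t etc_runtime_t:file { create getattr open read write append rename unlink link lock };

# "mount > ~/mymounts": the shell opens the file and mount inherits the
# descriptor, so the domain needs fd use plus write access to the file type.
allow user_mount_t unconfined_t:fd use;
allow user_mount_t user_home_t:file { getattr write append };
```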