On 2007-04-24, Al Pacifico <adpacifico@xxxxxxxxxxxxxxxxxxxxx> wrote:
>> That depends on your security goals. If you want the slimserver-scanner
>> to have the same privs as slimserver you would label it sbin_t and allow
>> slimserver to corecmd_exec_sbin(). If you want to go with least privs,
>> you would create a new policy for slimserver-scanner
>> (slimserver_scanner_t with file context of slimserver_scanner_exec_t)
>> and then add a rule to slimserver_t to domtrans
>> slimserver_scanner_domtrans(slimserver_t)
>
> I'm a little confused about this. I want to limit privileges of slimserver
> and slimserver-scanner to accessing only certain files. If I label
> slimserver-scanner as 'sbin_t', when a user executes slimserver-scanner,
> won't he/she have more privileges than slimserver then?

Yes. If you want slimserver-scanner to have less privileges when executed
interactively by a user, you'll need to create a new domain for it (i.e. not
sbin_t), and transition into this domain when the user execs it.

But, why would you want that? All it's doing is reading the mp3-files, and
updating a database. If you limit the scanner's privileges, your users can
still step outside of this by "cp /usr/sbin/slimserver-scanner
/tmp/slimserver-scanner".

I would aim at confining the main web-based slimserver, and make sure the
slimserver-scanner executed within this process doesn't get more privileges
than absolutely necessary.

-jf
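
The least-privilege option discussed in this thread, sketched as a reference-policy module. This is an added example, not policy posted by anyone in the thread. It assumes a `slimserver_t` domain already exists, and the data types `slimserver_music_t` and `slimserver_db_t` are hypothetical names chosen for illustration.

```selinux
# ---- slimserver_scanner.fc ----
# Label the scanner binary with its own entry point type (path from the thread).
/usr/sbin/slimserver-scanner	--	gen_context(system_u:object_r:slimserver_scanner_exec_t,s0)

# ---- slimserver_scanner.te ----
policy_module(slimserver_scanner, 1.0.0)

# Assumption: slimserver_t is the daemon domain defined by an existing module.
gen_require(`
	type slimserver_t;
')

# Dedicated domain and entry point type, named as in the quoted advice.
type slimserver_scanner_t;
type slimserver_scanner_exec_t;
domain_type(slimserver_scanner_t)
domain_entry_file(slimserver_scanner_t, slimserver_scanner_exec_t)
role system_r types slimserver_scanner_t;

# When slimserver_t executes a file labelled slimserver_scanner_exec_t, the
# new process runs in slimserver_scanner_t instead of inheriting slimserver_t.
# An interface such as slimserver_scanner_domtrans() would wrap this macro.
domtrans_pattern(slimserver_t, slimserver_scanner_exec_t, slimserver_scanner_t)

# Hypothetical types for the data the scanner touches.
type slimserver_music_t;	# music library
type slimserver_db_t;		# scanner database
files_type(slimserver_music_t)
files_type(slimserver_db_t)

# Read-only access to the music library.
list_dirs_pattern(slimserver_scanner_t, slimserver_music_t, slimserver_music_t)
read_files_pattern(slimserver_scanner_t, slimserver_music_t, slimserver_music_t)

# Create, read, write and delete access to the database files only.
manage_files_pattern(slimserver_scanner_t, slimserver_db_t, slimserver_db_t)

# No user domain is given a transition here. The transition is keyed on the
# slimserver_scanner_exec_t label, and a copy made under /tmp takes the label
# of its destination, so running the copy stays in the caller's own domain
# and receives none of the permissions granted above.
```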