What changed that allows xguest to go on AOL?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



i read the article from :
http://magazine.redhat.com/2008/07/02/writing-policy-for-confined-selinux-users/ 
and i recently installed setools to (hopefully) understand more about
SELinux. 

in the article, it is shown (and i tried) that xguest_t role cannot
communicate using AOL.  the xguest_t can launch pidgin in /usr/bin/ though. 
AOL uses the port 5190 and that port has the 'aol_port_t' type. 

so i created the new policy rule as per the tutorial and now my xguest_t can
use pidgin and talk on AOL. 

if i were to use 'apol' to understand the changes made by the new policy
change, how should i do it? 
i tried to do a 'domain transition analysis', starting from the xguest_t
type and then see how many ways xguest_t can transit to the aol_port_t type,
and tried to compare the 'before' and 'after' policy addition.  But i could
not tell any difference. 

so i guess my question is more of how to use 'apol' to obtain meaningful
information such as this.  i cannot help but feel overwhelmed using apol
because there are so many options and so much information coming back at me. 

thank you


-- 
View this message in context: http://www.nabble.com/What-changed-that-allows-xguest-to-go-on-AOL--tp23480891p23480891.html
Sent from the Fedora SELinux List mailing list archive at Nabble.com.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux