Is there some reason user_t is denied to link a file with type var_lib_t (among others)? Or did it just happen that way? I don't see any security advantage.

(It doesn't matter for the question, but I suspect somebody will ask why I want this. The particular use case where we were hit by this is non-standard. We have a digital TV receiver box that saves recordings via NFS under /var/lib/TV on a server. A user wanted to edit out the commercials from one recording using the m2vmp2cut tool. The tool is easiest to use when the original recording is in the working directory. She could copy the file from /var/lib/TV/... to her home directory, but to save a lot of time and space she tried to make a (hard) link instead. SELinux denied her that.

Obviously non-standard, and the regular policy doesn't know anything about these files. And I know various ways to work around it, including adding a module. But I was a bit surprised by the denial. I would have expected user_t to be allowed to do this. Thus my question: is this by design or by mistake?)

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list