Why can not user_t link var_lib_t files?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Is there some reason user_t is denied to link a file with type
var_lib_t (among others)?  Or did it just happen that way?  I don't
see any security advantage.

(It doesn't matter for the question, but I suspect somebody will ask
why I want this.  The particular use case where we were hit by this is
non-standard.  We have a digital TV receiver box that saves recordings
via NFS under /var/lib/TV on a server.  A user wanted to edit out the
commercials from one recording using the m2vmp2cut tool.  The tool is
most easy to use when the original recording is in the working
directory.  She could copy the file from /var/lib/TV/... to her home
directory, but to save a lot of time and space she tried to make a
(hard) link instead.  SELinux denied her that.  Obviously
non-standard, and the regular policy doesn't know anything about these
files.  And I know various ways to work around it, including adding a
module.  But I was a bit surprised over the denial.  I would have
expected user_t to be allowed to do this.  Thus my question, is this
by design or by mistake?)

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux