On Sun, 2009-05-17 at 18:44 +0200, Göran Uddeborg wrote:
> Is there some reason user_t is denied to link a file with type
> var_lib_t (among others)? Or did it just happen that way? I don't
> see any security advantage.
> Thus my question, is this by design or by mistake?)

I think the policy author could probably give the right answer, but I think this is by design. Most stuff in /var is system stuff and not for users. So if a user has nothing to do there, then there is no need to give them access either. Stuff like /var/spool/mail/<user> is, however, accessible.

Like you suggested, it is easy to create an extension or a new role/custom user domain for this functionality. If you want your users to be unrestricted, then map the user to unconfined_u.

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
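The "extension" the reply mentions, as an added example that is not part of the thread: a small reference-policy module that grants user_t only the one file permission that was denied, leaving the rest of /var closed. The module name and file name are my own choice; it assumes a Fedora host with the selinux-policy-devel package installed.

```selinux
# user_var_lib_link.te -- added example, not from the mailing list thread.
# Assumes the reference policy build macros (policy_module, gen_require)
# shipped in /usr/share/selinux/devel on Fedora.
policy_module(user_var_lib_link, 1.0)

gen_require(`
    type user_t;
    type var_lib_t;
')

# Grant exactly the operation the original poster saw denied:
# creating a hard link to an existing var_lib_t file.
# No read/write/create on var_lib_t is added, so the rest of /var
# stays as restricted for user_t as the stock policy leaves it.
allow user_t var_lib_t:file link;

# Build and load (as root):
#   make -f /usr/share/selinux/devel/Makefile user_var_lib_link.pp
#   semodule -i user_var_lib_link.pp
# Confirm the rule is now in the loaded policy:
#   sesearch -A -s user_t -t var_lib_t -c file -p link
# Alternative from the reply, which lifts all confinement for that login:
#   semanage login -a -s unconfined_u <username>
```

The targeted module is the safer of the two options: mapping a login to unconfined_u removes the whole user_t sandbox, while this rule changes one permission that can be reviewed with sesearch afterwards.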