Dominick Grift writes:

> Most stuff in /var is system stuff and not for
> users. So if a user has nothing to do there then no need to give them
> access either.
>
> Stuff like /var/spool/mail/<user> is however accessible.

Most things in /var are ACCESSIBLE. The same user that could not link the file had no problems copying it.

I was under the impression that user_u was not meant to be overly restricted. It should not be able to do su/sudo and other kinds of system work. But apart from that I thought it was meant to be able to do most things regular users on non-SELinux systems can do.

That was the impression I got from http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html among other places. But maybe I have misunderstood things.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list