On Mon, 2009-05-18 at 20:19 +0200, Göran Uddeborg wrote:
> Stephen Smalley writes:
> > In a least privilege scheme, the question is not why should it be denied
> > but rather what legitimate purpose does user_t have in creating hard
> > links to random files under /var/lib.
>
> That is true, but as I said I didn't think user_t was designed
> following a least privilege scheme. I thought it more was allowed to
> do most random things, with a few exceptions.
>
> (According to the least privilege scheme, the same user should
> probably not be allowed to READ random /var/lib files either. Some
> files and directories, like /var/lib/texmf, should be readable, but
> they have their own type.)

Yes, that's true, but the original example policy was predominantly
focused on integrity goals and that has largely carried through with a
few exceptions, e.g. /etc/shadow.

> > (and if they are in fact
> > served via NFS, then I don't see why they would be in var_lib_t unless
> > you mounted the NFS filesystem with
> > context=system_u:object_r:var_lib_t).
>
> Ah, no. These commands were executed on the server where the files
> are stored. It is the digital-TV box that mounts this directory with
> NFS. But we are not trying to do the editing on that box.

--
Stephen Smalley
National Security Agency