RE: openvpn and script execution

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mr Dash Four wrote:
>> Why even put it there. shouldnt it just be in /usr/sbin/ or
something?
>>
>Then I would need to grant permission to /usr/bin in both
openvpn_sudo_t
>AND openvpn_t ... or am I missing something?
>
>Also, one of the scripts creates ".route-up-started" (though that is
>executed by root and within the /etc/init.d/openvpn domain), so I am
not
>sure how this is going to work out.

The way the Samba policy module does things is to define a specific
directory for scripts:

samba.fc:
...
/var/lib/samba/scripts(/.*)?
gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
...

This way you keep the scripts separate from ordinary system binaries,
they automatically get the correct type when installed from rpm, and you
don't need to create a new file context every time you add a script.


Moray.
"To err is human.  To purr, feline"




--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux