Re: SELinux user domain policy question

On 09/14/2010 03:44 PM, Christopher J. PeBenito wrote:
> On 09/14/10 11:53, Daniel J Walsh wrote:
>> On 09/14/2010 05:55 AM, Roberto Sassu wrote:
>>> Thanks for the answers. I'm trying to find a set of types executable by
>>> regular users which are managed by a few highly privileged domains.
>>> Unfortunately, regarding 'etc_t', there's a non-administrative
>>> domain, 'postgresql_t', which is allowed to create it.
>> That seems wrong. I have no idea why postgresql would be able to manage
>> etc files. Chris, do you have any idea? (Hopefully this did not come
>> from me.) BTW, there is no way for user_t to execute something as
>> postgresql_t.
> 
> Based on the git log, this line has been around upstream since 2005,
> when the postgresql module was converted over from the old NSA example
> policy.  I don't know why it would need that access.  My preference is
> to remove it, and if it causes problems, hopefully it can be fixed in
> some other way.
> 
Agreed, I am removing it from Fedora now.