Re: Problems creating a directory in /usr

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2013-02-08 at 10:55 +0000, Clive Hills wrote:

> which I find confusing as it makes no reference to the /usr/realman or
> for that matter /usr directories.
> 
> 
> Please advise what I need to do to have it writeable by this
> application (which is closed source to which I have no access.
> 
> 
> Many thanks
> Clive
> 

In this case, if i really wanted this app, i would just let useradd
create that dir once (e.g. run the app in permissive mode the first time
so that it can create the dir: (setenforce 0; "run the app"; setenforce
1)

Basically this should not be allowed for useradd_t in policy. The /usr
directory is not for user home directories. a more appropriate location
would probably be /var/lib/realman.

But once the directory is there then SELinux should probably no longer
have a problem, at least until you remove the app (then userdel will
probably be trying to remove it and be denied)

Actually this is something to consider for the SELinux devs in the
future: I do not see a need to run useradd with a domain transition. It
only causes issiues like these for unconfined users.


> 
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux