On 02/08/2013 12:53 PM, Dominick Grift wrote:
On Fri, 2013-02-08 at 10:55 +0000, Clive Hills wrote:
which I find confusing as it makes no reference to the /usr/realman or
for that matter /usr directories.
Please advise what I need to do to have it writeable by this
application (which is closed source to which I have no access).
Many thanks
Clive
In this case, if I really wanted this app, I would just let useradd
create that dir once (e.g. run the app in permissive mode the first time
so that it can create the dir: (setenforce 0; "run the app"; setenforce
1)).
Basically this should not be allowed for useradd_t in policy. The /usr
directory is not for user home directories. A more appropriate location
would probably be /var/lib/realman.
But once the directory is there then SELinux should probably no longer
have a problem, at least until you remove the app (then userdel will
probably be trying to remove it and be denied).
Actually this is something to consider for the SELinux devs in the
future: I do not see a need to run useradd with a domain transition. It
only causes issues like these for unconfined users.
Dominick,
do you run without this transition on your system? Basically we want to
move some transitions in F19 from unconfined_t.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux