-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/20/2013 08:39 AM, Thorsten Scherf wrote: > On [Mon, 20.05.2013 13:17], Dominick Grift wrote: >> On Mon, 2013-05-20 at 09:41 +0200, Dominick Grift wrote: >>> On Mon, 2013-05-20 at 09:28 +0300, Thorsten Scherf wrote: >>>> On [Sun, 19.05.2013 17:15], Dominick Grift wrote: >>>>> On Sun, 2013-05-19 at 14:15 +0300, Thorsten Scherf wrote: >>>>>> Following setup: >>>>>> >>>>>> iucv instance is started via upstart to make iucv connections >>>>>> available in a z/VM environment: >>>>>> >>>>>> # cat /etc/init/iucv.conf start on runlevel [2345] stop on >>>>>> runlevel [01] respawn exec /usr/bin/iucvtty lnxterm >>>>>> >>>>>> iucvtty is running in init_t: >>>>>> >>>>>> # ps -efZ|grep iucv system_u:system_r:init_t:s0 root >>>>>> 1788 1 0 13:56 ? 00:00:00 >>> /usr/bin/iucvtty lnxterm >>>>>> >> >> I can help you write policy for iucv. If you want help, then please come >> see me (grift) on #fedora-selinux at irc.freenode.org (internet relay >> chat) > > Thanks Dominik, but I think I can manage it. Will let you know if I need > further help. > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux Yes running login ranged would be better then giving it overrides, because theoretically, someone might want to run login program with less categories. In the MLS world you might want to setup local login to only be able to reach Secret level for example. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlGaIC4ACgkQrlYvE4MpobMGcgCfRY5MwsY0Ke2BVlWB1J0NVUNi UkcAn2VjX8ZtcCY+AeNC0Lp44Ga9otr7 =Z8Za -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
