Re: constraint violation problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/20/2013 08:39 AM, Thorsten Scherf wrote:
> On [Mon, 20.05.2013 13:17], Dominick Grift wrote:
>> On Mon, 2013-05-20 at 09:41 +0200, Dominick Grift wrote:
>>> On Mon, 2013-05-20 at 09:28 +0300, Thorsten Scherf wrote:
>>>> On [Sun, 19.05.2013 17:15], Dominick Grift wrote:
>>>>> On Sun, 2013-05-19 at 14:15 +0300, Thorsten Scherf wrote:
>>>>>> Following setup:
>>>>>> 
>>>>>> iucv instance is started via upstart to make iucv connections
>>>>>> available in a z/VM environment:
>>>>>> 
>>>>>> # cat /etc/init/iucv.conf start on runlevel [2345] stop on
>>>>>> runlevel [01] respawn exec /usr/bin/iucvtty lnxterm
>>>>>> 
>>>>>> iucvtty is running in init_t:
>>>>>> 
>>>>>> # ps -efZ|grep iucv system_u:system_r:init_t:s0     root
>>>>>> 1788     1  0 13:56 ? 00:00:00
>>> /usr/bin/iucvtty lnxterm
>>>>>> 
>> 
>> I can help you write policy for iucv. If you want help, then please come 
>> see me (grift) on #fedora-selinux at irc.freenode.org (internet relay 
>> chat)
> 
> Thanks Dominik, but I think I can manage it. Will let you know if I need 
> further help.
> 
> 
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes running login ranged would be better then giving it overrides, because
theoretically, someone might want to run login program with less categories.

In the MLS world you might want to setup local login to only be able to reach
Secret level for example.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlGaIC4ACgkQrlYvE4MpobMGcgCfRY5MwsY0Ke2BVlWB1J0NVUNi
UkcAn2VjX8ZtcCY+AeNC0Lp44Ga9otr7
=Z8Za
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux