Re: user based access control


 



Hi Jeff,

Have you considered using categories? Assigning a category per-user or user group might give you the control you need.

Cheers

Phil



From: Jeff Becker <jeff.c.becker@xxxxxxxxx>
To: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Cc: selinux@xxxxxxxxxxxxxxxxxxxxxxx
Date: 30/11/2016 06:28
Subject: Re: user based access control





Hi,

On Tue, Nov 29, 2016 at 1:35 AM, Miroslav Grepl <mgrepl@xxxxxxxxxx> wrote:
I do have another question. I didn't realize that setting UBAC=y in the targeted policy makes user_home_dir_t ubac_constrained. That means user A may not access user B's files no matter what type they are. What I'd like is some hybrid where User A's files that are tagged "don't share" can't be seen by other users, but all of User A's other files can be seen if they have the appropriate DAC ACLs.

I was thinking of using audit2allow to create a policy mod that allowed access to user_home_dir_t, but if there's a better way, I'd like to hear about it. Thanks.

-jeff

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx



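The category approach suggested in this thread can be modelled as follows. This is an added example, not code from any poster or from the SELinux project: a simplified model of the MCS dominance check, in which the login names, category numbers and file paths are constructed, and the policy's own choice of which domains are MCS-constrained is ignored.

```python
import re

def parse_level(level):
    """Parse an MCS level such as 's0:c1,c3.c5' into (sensitivity, categories)."""
    sens, _, cats = level.partition(":")
    if not re.fullmatch(r"s\d+", sens):
        raise ValueError(f"bad sensitivity in {level!r}")
    found = set()
    for part in filter(None, cats.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not m:
            raise ValueError(f"bad category in {level!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if hi < lo:
            raise ValueError(f"reversed category range in {level!r}")
        found.update(range(lo, hi + 1))  # 'c3.c5' expands to c3, c4, c5
    return sens, frozenset(found)

def clearance(mcs_range):
    """High end of a range like 's0-s0:c100'; a single level is its own high end."""
    low, sep, high = mcs_range.partition("-")
    return parse_level(high if sep else low)

def mcs_allows(proc_range, file_level):
    """True when the process clearance dominates the file level.

    MCS uses one sensitivity (s0), so dominance reduces to a category
    superset test. A True result only means MCS does not object; DAC
    permissions and ACLs are still evaluated separately.
    """
    p_sens, p_cats = clearance(proc_range)
    f_sens, f_cats = parse_level(file_level)
    return p_sens == f_sens and f_cats <= p_cats

# Constructed sample data: one category per user, plus an admin range.
LOGINS = {"usera": "s0-s0:c100", "userb": "s0-s0:c101", "admin": "s0-s0:c0.c1023"}
FILES = {"/home/usera/notes.txt": "s0",          # untagged: left to DAC
         "/home/usera/private.key": "s0:c100"}   # tagged "don't share"

def access_matrix():
    """MCS decision for every constructed (login, file) pair."""
    return {(u, f): mcs_allows(r, lvl)
            for u, r in LOGINS.items() for f, lvl in FILES.items()}

if __name__ == "__main__":
    for (user, path), ok in sorted(access_matrix().items()):
        print(f"{user:6} {path:26} {'allowed by MCS' if ok else 'denied by MCS'}")
```

In this model a file left at plain `s0` is never blocked by MCS, which matches the hybrid asked for: only files given the owner's category are hidden from other users.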
