RE: Selinux Fun

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2005-03-28 at 22:41 -0500, Alan J. Gagne wrote:
> allow unconfined_t default_t:file execmod;
> allow unconfined_t tmp_t:file execmod;
> allow unconfined_t user_home_t:file execmod;
> allow unconfined_t usr_t:file execmod;

> I can now start the oracle processes with selinux set to enforce.
> This may have broken some security that should be in place so
> if anybody has any further info please correct my habits before
> they become engrained for life.

Yikes. unconfined_t is used for unconfined apps for the targeted policy
(i.e., almost no limits). Best to change the file contexts of the Oracle
application and add properly refined rules.

-- 
Ignacio Vazquez-Abrams <ivazquez@xxxxxxxxxxxx>
http://fedora.ivazquez.net/

gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]