Re: [RFC] files: Make files_{relabel,manage}_non_security_types work on all file types

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/21/20 9:06 AM, Henrik Grindal Bakken wrote:
Chris PeBenito <pebenito@xxxxxxxx> writes:

On 1/17/20 6:15 PM, Henrik Grindal Bakken wrote:
From: Henrik Grindal Bakken <henribak@xxxxxxxxx>

This is the same behavious as files_*_non_auth_types have.

[...]

NAK.  Access per object class is already split up across separate
interfaces, so doing this would be confusing and prevent someone from
getting file-only access.

Ok.  Then I would recomment rewriting the systemd_tmpfiles_t rules a
bit, because today it has a serious amount of AVC violations for pretty
standard usage.

Perhaps.  However, it depends on what you consider standard usage.


There are no matching interfaces for lnk_files, at least.  Any
suggestions as to how to set up the tmpfiles rules?

By adding new interfaces that are like the existing files_manage_non_security_files() interface, but for lnk_file.


--
Chris PeBenito



[Index of Archives]     [AMD Graphics]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux