On Mon, 2008-07-07 14:47 -0500, Stephen Smalley wrote:
> On Mon, 2008-07-07 at 13:42 -0500, Serge E. Hallyn wrote:
> > It looks like unconfined_t is not granted setfcap capability. So
> > when running ltp as unconfined_t, the file capabilities test fails.
> > I'm just wondering what the right answer is:
> > 1. require running ltp as an administrative type
> > 2. give ltp a custom policy module to create an ltp_t
> > 3. give setfcap to unconfined_t
>
> unconfined_t should have all capabilities already.
> Policy version?

Well, earlier today while running as _root_ with full-blown permissions,
I noticed that I couldn't access /home/dave/.gvfs (except to see that
it is a directory).
[dave@fedora ~]$ ls -ld /home/dave/.gvfs
dr-x------ 2 dave durant 0 2008-07-07 09:40 /home/dave/.gvfs
[dave@fedora ~]$ su -
Password:
[root@fedora ~]# ls -ld .gvfs
ls: cannot access /home/dave/.gvfs: Permission denied
[root@fedora ~]# secon
user: unconfined_u
role: unconfined_r
type: unconfined_t
sensitivity: s0
clearance: s0:c0.c1023
mls-range: s0-s0:c0.c1023
[root@fedora ~]#
David L Durant
=================