On Thu, 2008-07-31 at 12:27 -0400, Mike Edenfield wrote:
> Christopher J. PeBenito wrote:
>
> > Interfaces should not have side effects. If you have a create interface
> > and it does something else like filetrans, filetrans is a side effect.
> > The tunable should be:
> >
> > tunable_policy(
> >     unprivuser_create_home_dirs()
> >     unprivuser_home_filetrans_home_dir()
> > )
>
> Ok, I think I get it now. Sorry for being kinda dense :)
>
> So, what I should have done is something like this:
>
> tunable_policy (
>     unprivuser_home_filetrans_home_dir()
>     unprivuser_create_home_dir()
>     unprivuser_add_entry_home_dir()
> )
>
> with two new interfaces:
>
> unprivuser_create_home_dir (
>     allow user_home_dir_t:dir create_dir_perms
> )
>
> unprivuser_add_entry_home_dir (
>     allow user_home_dir_t:dir add_entry_dir_perms
> )

Why do you need the add_entry? You just want to create the /home/foouser
directory, right? Add_entry is for when you want to create an object in
that type of directory.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150