Chris PeBenito wrote:
On Sat, 2008-07-26 at 15:07 +0200, Dominick Grift wrote:
Signed-off-by: Dominick Grift <domg472@xxxxxxxxx>
The patch looks line-wrapped. Also a couple comments inline.
...
+tunable_policy(`oidentd_read_unprivileged_user_home_content_files', `
+ # ~/.oidentd.conf
+ userdom_read_unpriv_users_home_content_files(oidentd_t)
+')
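Review bot: the call to userdom_read_unpriv_users_home_content_files(oidentd_t) inside the tunable lets the daemon read unprivileged users' home content files in general, while the comment above it names only ~/.oidentd.conf. Consider giving that file its own type and allowing oidentd_t to read just that type, so that enabling the boolean does not open the rest of each home directory to a network-facing service. The comment should also state why a system service reads a per-user file, and the gen_tunable declaration with its description should accompany this block if it is not in the elided part of the patch.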
Why is this last bit needed? Why would a system service be reading a
conf file from a user's home dir?
It's reading ~/.oidentd.conf, which allows a user great control over the
responses the daemon returns when queried about connections related to
that user.
http://linux.die.net/man/5/oidentd.conf
Paul.