From: Tom <tom@lemuria.org>
To: Russell Coker <russell@coker.com.au>
Cc: selinux@tycho.nsa.gov
Subject: Re: uml policy
Date: Fri, 13 Sep 2002 07:35:53 +0200
Message-ID: <20020913073553.D2818@lemuria.org>
In-Reply-To: <200209130053.55563.russell@coker.com.au>; from russell@coker.com.au on Fri, Sep 13, 2002 at 12:53:55AM +0200

On Fri, Sep 13, 2002 at 12:53:55AM +0200, Russell Coker wrote:
> NB You need separate types for the kernel and the disk image. The kernel
> should not be writable...

Yes, and the backing store file should also not be writeable, just the
cow file and the keystroke logger files.

> You possibly don't want the system to run it (but that is debatable), however
> you certainly want to be able to install a kernel as the administrator and
> have regular users execute it.

Shouldn't chcon be able to do that?
Ah, I'll find out.

> Chroot is probably too heavy, irc is simpler and easier to copy from. For
> keystroke logger files I guess you could make them append-only. Or you could
> use the same read-write file you use for the data store.

Definitely append only, but the problem is that they are created at
runtime, not like logfiles where you can assume that they exist when you
execute.

And they are always created in the uml dir. I'll look into the uml
source what exactly is hardcoded there. I would definitely prefer them
to be in their own subdir.

--
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5