* comment change in attrib.te
@ 2004-07-08 3:26 Russell Coker
0 siblings, 0 replies; only message in thread
From: Russell Coker @ 2004-07-08 3:26 UTC (permalink / raw)
To: SE Linux; +Cc: Stephen Smalley
[-- Attachment #1: Type: text/plain, Size: 308 bytes --]
I think that the attached comment change is worth having. We want to
discourage people from putting in rules that allow all domains to perform an
action such as reading a file. The current comment will tend to encourage
such actions.
--
http://apac.redhat.com/disclaimer
See above URL for disclaimer.
[-- Attachment #2: diff --]
[-- Type: text/x-diff, Size: 570 bytes --]
diff -ru /usr/src/se/policy/attrib.te ./attrib.te
--- /usr/src/se/policy/attrib.te 2004-07-08 13:09:32.000000000 +1000
+++ ./attrib.te 2004-07-08 13:23:23.000000000 +1000
@@ -41,8 +41,7 @@
# The domain attribute identifies every type that can be
# assigned to a process. This attribute is used in TE rules
# that should be applied to all domains, e.g. permitting
-# init to kill all processes or permitting all processes
-# to read a particular file.
+# init to kill all processes.
attribute domain;
# The privuser attribute identifies every domain that can
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2004-07-08 3:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-07-08 3:26 comment change in attrib.te Russell Coker
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.