/etc/qt3/.qt*

/etc/qt3/.qt*

[Luke Kenneth Casson Leighton]

hi there russell,

yes, after redoing the policy mods to get kde to work, i think
your idea of doing an etc_rw_t or xdm_var_run_t for /etc/qt3
is a good idea.

gawd only knows what kde (actually libqt) is doing needing to write 
lock files to /etc/qt3 but there y'go.

l.

-- 
-- 
Information I post is with honesty, integrity, and the expectation that
you will take full responsibility if acting on the information contained,
and that, should you find it to be flawed or even mildly useful, you
will act with both honesty and integrity in return - and tell me.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: /etc/qt3/.qt*

[Erich Schubert]

Hi,

> gawd only knows what kde (actually libqt) is doing needing to write 
> lock files to /etc/qt3 but there y'go.

I don't have a /etc/qt3. And if i had it, it certainly would be mode
0755, so no user can write there (and i don't think running qt apps as
root is a good idea) - something must be wrong with your setup.

Greetings,
Erich Schubert
-- 
    erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C    (o_
  A polar bear is a rectangular bear after a coordinate transform.   //\
  Wenn zwei gute Freunde sind, die einander kennen, Sonn' und Mond   V_/_
    begegnen sich, ehe sie sich trennen. --- Clemens von Brentano


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: /etc/qt3/.qt*

[Russell Coker]

On Mon, 2 Aug 2004 06:19, Erich Schubert <erich@debian.org> wrote:
> > gawd only knows what kde (actually libqt) is doing needing to write
> > lock files to /etc/qt3 but there y'go.
>
> I don't have a /etc/qt3. And if i had it, it certainly would be mode
> 0755, so no user can write there (and i don't think running qt apps as
> root is a good idea) - something must be wrong with your setup.

I guess that would be kdm.  kdm calls lots of KDE library code, most of which 
assumes that it's doing stuff on behalf of a regular user.  Last time I ran 
kdm it wanted to write stuff under /root, /etc/qt3 is marginally better.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: /etc/qt3/.qt*

[Luke Kenneth Casson Leighton]

On Sun, Aug 01, 2004 at 10:19:13PM +0200, Erich Schubert wrote:
> Hi,
> 
> > gawd only knows what kde (actually libqt) is doing needing to write 
> > lock files to /etc/qt3 but there y'go.
> 
> I don't have a /etc/qt3. And if i had it, it certainly would be mode
> 0755, so no user can write there (and i don't think running qt apps as
> root is a good idea) - something must be wrong with your setup.
 
 this is very strange.

 it's kde 3.2.2, bog-standard.
 
 and it's root that's trying to write there (xdm_t and xdm_server_t).

 debian/unstable, last dist-upgrade was done two, maybe three months
 ago.

 l.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: /etc/qt3/.qt*

[Erich Schubert]

Well, i do not have "kdm" installed.
I prefer gnome anyway, and especiall "gdm" is a log nicer than kdm.

Greetings,
Erich Schubert
-- 
   erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C    (o_
       The best things in life are free: Friendship and Love.       //\
    Zwei Freunde müssen sich im Herzen ähneln, in allem anderen     V_/_
       können sie grundverschieden sein. --- Sully Prudhomme



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: /etc/qt3/.qt*

[Russell Coker]

On Tue, 3 Aug 2004 00:45, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > I don't have a /etc/qt3. And if i had it, it certainly would be mode
> > 0755, so no user can write there (and i don't think running qt apps as
> > root is a good idea) - something must be wrong with your setup.
>
>  this is very strange.
>
>  it's kde 3.2.2, bog-standard.
>
>  and it's root that's trying to write there (xdm_t and xdm_server_t).

xdm_t is for kdm as I previously mentioned.

Is xdm_xserver_t (the X server domain) REALLY trying to write to those files?  
Or is it just inheriting open file handles from kdm?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: /etc/qt3/.qt*

[Luke Kenneth Casson Leighton]

On Tue, Aug 03, 2004 at 02:10:20AM +1000, Russell Coker wrote:
> On Tue, 3 Aug 2004 00:45, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > > I don't have a /etc/qt3. And if i had it, it certainly would be mode
> > > 0755, so no user can write there (and i don't think running qt apps as
> > > root is a good idea) - something must be wrong with your setup.
> >
> >  this is very strange.
> >
> >  it's kde 3.2.2, bog-standard.
> >
> >  and it's root that's trying to write there (xdm_t and xdm_server_t).
> 
> xdm_t is for kdm as I previously mentioned.
> 
> Is xdm_xserver_t (the X server domain) REALLY trying to write to those files?  
> Or is it just inheriting open file handles from kdm?
 
 i'm on a building site today: i'll check the logs in the next
 couple days.  l.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.