From: Maria Iano <maria@iano.org>
To: Erich Schubert <erich@debian.org>
Cc: selinux@tycho.nsa.gov
Subject: Re: correct way to set context in perl?
Date: Thu, 18 May 2006 17:12:45 -0400
Message-ID: <20060518171245.Y26098@iano.org>
In-Reply-To: <1147985248.3617.2.camel@wintermute.xmldesign.de>; from erich@debian.org on Thu, May 18, 2006 at 10:47:27PM +0200

Hi Erich,

Thanks for your response. The master and slave directories are separate. The zones are divided into over a hundred different groups (and growing). Individual users have access to edit zones in some groups and not others. Each group has its own directory. Under each group's directory are the master and slave directories. As new groups are created (by the perl scripts), new directories need to be created (as well as new files) and I need to be able to give them the correct security contexts, and there will be two different types under each group directory.

It looks like this:

                                 data
                                  |
      ___________________________________________________________
     |                      |
    grp1                   grp2          ... and so on ...
     |                      |
  __________          ____________
  |        |          |           |
master   slave    master       slave

Of course I built this directory structure with no thought of selinux at the time. Perhaps I should just redo the directory structure so anything new created just inherits the correct context.

Thanks,
Maria

On Thu, May 18, at 10:47PM so wrote Erich Schubert (erich@debian.org):

> Hi,
> I'd recommend using different directories for master and slave zones.
> I used to do that back in kernel 2.0 days already.
> It's nice to know you can nuke the contents of the slave dir and not
> lose any data. ;-) Also I made the slave directory writable by the name
> server, the master directory not. There are a couple of reasons to do
> such things (e.g. if you have zones with dynamic updates enabled, you
> might also want to put them into a separate directory, while keeping
> the "root" zone files protected. I for example have a dyn.domain.tld
> zone which is updateable, and some CNAMES from the static zone file
> pointing in there)
> 
> best regards,
> Erich Schubert
> -- 
>     erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C   (o_
>    There was never a good war or a bad peace. - Benjamin Franklin   //\
>     Mathematics: the alphabet with which God has described the      V_/_
>                 universe. --- Galileo Galilei
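
One way the Perl scripts could label the two directories as they create each group, as an added example that is not part of the original message; the base path and the type names named_zone_t and named_cache_t are assumptions. New files take the type of the directory they are created in unless policy defines a type transition, so labelling master and slave once at creation also covers the zone files written into them later.

```perl
#!/usr/bin/perl
# Added example: create a group's master/ and slave/ directories and give
# each its own SELinux type. Base path and type names are assumptions.
use strict;
use warnings;
use File::Path qw(make_path);

my $BASE = '/var/named/data';    # assumed location of the "data" directory
my %TYPE = (                     # assumed types, one per subdirectory
    master => 'named_zone_t',
    slave  => 'named_cache_t',
);

sub create_group {
    my ($group) = @_;

    # Group names originate from users: accept only a safe character set so
    # a name can never climb out of $BASE or be parsed as a command option.
    die "invalid group name\n"
        unless $group =~ /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/;

    for my $sub (sort keys %TYPE) {
        my $dir = "$BASE/$group/$sub";
        make_path($dir, { mode => 0750 });
        -d $dir or die "could not create $dir\n";

        # List-form system() bypasses the shell. chcon -t changes only the
        # type field and leaves the user, role and level untouched.
        system('chcon', '-t', $TYPE{$sub}, '--', $dir) == 0
            or die "chcon failed for $dir (exit " . ($? >> 8) . ")\n";
    }
    return;
}

# Usage: script.pl grp1 grp2 ...
create_group($_) for @ARGV;
```

Labels set with chcon are overwritten by a relabel unless matching file-context rules exist for these paths, and the domain the script runs in needs permission to relabel to both types.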

