From: Daniel J Walsh <dwalsh@redhat.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Richard Hally <rhally@mindspring.com>, SELinux <selinux@tycho.nsa.gov>
Subject: Re: [Fwd: Re: Experiences with selinux enabled targetted on Fedora Core 3]
Date: Thu, 21 Apr 2005 08:56:36 -0400
Message-ID: <4267A304.4070106@redhat.com>
In-Reply-To: <1114086578.4054.69.camel@moss-spartans.epoch.ncsc.mil>
If someone is willing to read through the dontaudits and find the ones
that are legitimate bugs versus access to /etc/shadow or daemons wanting
to talk to the terminal on startup.

Some are also very difficult to fix. A low-level kerberos library does
an "access" check of all its config files. One of the checks is
if (access(filename, W_OK)); this triggers a write denial, which we have
a dontaudit for. To change kerberos would involve a serious redesign of
low-level libraries.

Some are arguably running correctly, just not the way SELinux wants them
to, i.e. daemons having access to TTYs.

Probably a lot of them are also legitimate bugs and should be
bugzilla'd. We can always use help if someone wants to look for those
situations.

Dan