From: Daniel J Walsh <dwalsh@redhat.com>
To: ivg2@cornell.edu
Cc: russell@coker.com.au, SELinux <SELinux@tycho.nsa.gov>
Subject: Re: [Fwd: Latest Diff]
Date: Mon, 09 May 2005 10:42:06 -0400
Message-ID: <427F76BE.60506@redhat.com>
In-Reply-To: <1115495425.20062.2.camel@localhost.localdomain>

Ivan Gyurdiev wrote:

>On Sat, 2005-05-07 at 13:04 -0400, Ivan Gyurdiev wrote:
>
>>>One possibility would be to allow tmpwatch to go through user (not sysadm) 
>>>home directories but not have search access to home_root_t.  But this makes 
>>>the protection of user home directories from tmpwatch dependant on the label 
>>>of home_root_t, I'm not certain that in all cases of automounting and strange 
>>>configuration of home directories we can rely on the label of home_root_t 
>>>being assigned to /home to protect sub-directories.
>>>
>>I am a bit confused - /tmp/orbit-$USER is not in /home...
>>I was just wondering whether the orbit folder should be allowed to
>>be erased by tmpwatch due to inactivity... If so, it will need to 
>>be recreated (without rebooting), and that's why I was saying that
>>in that case, libORBit probably needs to set the correct context itself,
>>as opposed to a startup script solution that creates this folder.
>>
>>There is no problem as far as tmpwatch goes - I can just mark the type
>>tmpfile, I guess.
>
>Patch for ORBit2 here - see the last attachment:
>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155800
>
>I think I should submit the ORBit part of this patch for inclusion...
>
>
I am not crazy about this patch, since I don't think we need to run a
privileged orbit.
If we have the init scripts create a /tmp/orbit directory and the login
creates orbit-$USER under there, we can get all the transitions correct.
Can't we?

Dan
