* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
@ 2009-05-21 14:38 Daniel J Walsh
2009-05-27 13:25 ` Christopher J. PeBenito
0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2009-05-21 14:38 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
user_u runs cronjobs as user_t
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
2009-05-21 14:38 [refpolicy] appconfig-mcs_user_u_default_contexts.patch Daniel J Walsh
@ 2009-05-27 13:25 ` Christopher J. PeBenito
2009-05-27 15:28 ` Daniel J Walsh
0 siblings, 1 reply; 4+ messages in thread
From: Christopher J. PeBenito @ 2009-05-27 13:25 UTC (permalink / raw)
To: refpolicy
On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
>
> user_u runs cronjobs as user_t
Fedora-specific.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
2009-05-27 13:25 ` Christopher J. PeBenito
@ 2009-05-27 15:28 ` Daniel J Walsh
2009-05-27 16:01 ` Christopher J. PeBenito
0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2009-05-27 15:28 UTC (permalink / raw)
To: refpolicy
On 05/27/2009 09:25 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
>>
>> user_u runs cronjobs as user_t
>
> Fedora-specific.
>
Please justify cronjobs running as something other then the default user
type?
^ permalink raw reply [flat|nested] 4+ messages in thread
* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
2009-05-27 15:28 ` Daniel J Walsh
@ 2009-05-27 16:01 ` Christopher J. PeBenito
0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2009-05-27 16:01 UTC (permalink / raw)
To: refpolicy
On Wed, 2009-05-27 at 11:28 -0400, Daniel J Walsh wrote:
> On 05/27/2009 09:25 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
> >>
> >> user_u runs cronjobs as user_t
> >
> > Fedora-specific.
> >
> Please justify cronjobs running as something other then the default user
> type?
A cronjob domain makes it possible to have a subset of user privileges
for cron jobs. I understand your reasons for running them in the user
domain, but as we have discussed before, upstream tends to lean towards
the more restrictive side side as it is easy to make the policy looser
(as evidenced by the fairly trivial patch that makes it work the way you
want).
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-05-27 16:01 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-21 14:38 [refpolicy] appconfig-mcs_user_u_default_contexts.patch Daniel J Walsh
2009-05-27 13:25 ` Christopher J. PeBenito
2009-05-27 15:28 ` Daniel J Walsh
2009-05-27 16:01 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.