[refpolicy] appconfig-mcs_user_u_default

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
@ 2009-05-21 14:38 Daniel J Walsh
  2009-05-27 13:25 ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2009-05-21 14:38 UTC (permalink / raw)
  To: refpolicy

http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch

user_u runs cronjobs as user_t

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
  2009-05-21 14:38 [refpolicy] appconfig-mcs_user_u_default_contexts.patch Daniel J Walsh
@ 2009-05-27 13:25 ` Christopher J. PeBenito
  2009-05-27 15:28   ` Daniel J Walsh
  0 siblings, 1 reply; 4+ messages in thread
From: Christopher J. PeBenito @ 2009-05-27 13:25 UTC (permalink / raw)
  To: refpolicy

On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
> 
> user_u runs cronjobs as user_t

Fedora-specific.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
  2009-05-27 13:25 ` Christopher J. PeBenito
@ 2009-05-27 15:28   ` Daniel J Walsh
  2009-05-27 16:01     ` Christopher J. PeBenito
  0 siblings, 1 reply; 4+ messages in thread
From: Daniel J Walsh @ 2009-05-27 15:28 UTC (permalink / raw)
  To: refpolicy

On 05/27/2009 09:25 AM, Christopher J. PeBenito wrote:
> On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
>>
>> user_u runs cronjobs as user_t
>
> Fedora-specific.
>
Please justify cronjobs running as something other then the default user 
type?

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [refpolicy] appconfig-mcs_user_u_default_contexts.patch
  2009-05-27 15:28   ` Daniel J Walsh
@ 2009-05-27 16:01     ` Christopher J. PeBenito
  0 siblings, 0 replies; 4+ messages in thread
From: Christopher J. PeBenito @ 2009-05-27 16:01 UTC (permalink / raw)
  To: refpolicy

On Wed, 2009-05-27 at 11:28 -0400, Daniel J Walsh wrote:
> On 05/27/2009 09:25 AM, Christopher J. PeBenito wrote:
> > On Thu, 2009-05-21 at 10:38 -0400, Daniel J Walsh wrote:
> >> http://people.fedoraproject.org/~dwalsh/SELinux/F11/appconfig-mcs_user_u_default_contexts.patch
> >>
> >> user_u runs cronjobs as user_t
> >
> > Fedora-specific.
> >
> Please justify cronjobs running as something other then the default user 
> type?

A cronjob domain makes it possible to have a subset of user privileges
for cron jobs.  I understand your reasons for running them in the user
domain, but as we have discussed before, upstream tends to lean towards
the more restrictive side side as it is easy to make the policy looser
(as evidenced by the fairly trivial patch that makes it work the way you
want).

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2009-05-27 16:01 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-05-21 14:38 [refpolicy] appconfig-mcs_user_u_default_contexts.patch Daniel J Walsh
2009-05-27 13:25 ` Christopher J. PeBenito
2009-05-27 15:28   ` Daniel J Walsh
2009-05-27 16:01     ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.