Re: Why can not user_t link var_lib_t files?

Dominick Grift writes:
> Most stuff in /var is system stuff and not for
> users. So if a user has nothing to do there then no need to give them
> access either.
>
> Stuff like /var/spool/mail/<user> is however accessible.

Most things in /var is ACCESSIBLE. The same user that could not link the file had no problems copying it.

I was under the impression that user_u was not meant to be overly restricted. It should not be able to do su/sudo and other kinds of system work. But apart from that I thought it was meant to be able to do most things regular users on non-SELinux systems can do.

That was the impression I got from
http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/sect-Security-Enhanced_Linux-Targeted_Policy-Confined_and_Unconfined_Users.html among other places. But maybe I have misunderstood things. -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

• This message: [ Message body ]
• Next message: Daniel J Walsh: "Re: How can I know disabling dontaudit or not ?"
• Previous message: Dominick Grift: "Re: Why can not user_t link var_lib_t files?"
• In reply to: Dominick Grift: "Re: Why can not user_t link var_lib_t files?"
• Next in thread: Daniel J Walsh: "Re: Why can not user_t link var_lib_t files?"
• Reply: Daniel J Walsh: "Re: Why can not user_t link var_lib_t files?"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]