more fine grained access in /etc

From: Torbjørn Lindahl <torbjorn.lindahl_at_nospam>
Date: Thu Sep 13 2007 - 13:16:46 GMT
To: fedora-selinux-list@redhat.com

Hello, I am writing an application that I want to limit using selinux.

audit.log shows that it wants access to /etc/nsswitch.conf and /etc/hosts - which doesn't seem to unreasonable, however both these have types etc_t , and allowing myapp_t to read etc_t would also give it access to for example /etc/passwd, which i do not want.

Do I have to invent a new type for these two files to be able to keep my application from the other etc_t files in /etc ? -- mvh Torbjørn Lindahl

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

This message: [ Message body ]
Next message: Todd Zullinger: "Re: Error: setroubleshootd dead but subsys locked"
Previous message: Ludman Tamás: "Squirrelmail_disk_quota_plugin"
Next in thread: Daniel J Walsh: "Re: more fine grained access in /etc"
Reply: Daniel J Walsh: "Re: more fine grained access in /etc"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]