|Main Archive Page > Month Archives > selinux archives|
On Wed, 2008-11-12 at 11:49 +1000, Murray McAllister wrote:
> The following are drafts for the "Fixing Problems" section. Any
> comments and corrections are appreciated.
> Linux Permissions
> When access is denied, check standard Linux permissions. As mentioned in
> Chapter 2, Introduction, most operating systems use a Discretionary
> Access Control (DAC) system to control access, allowing users to control
> the permissions of files that they own. SELinux policy rules are checked
> after DAC rules. SELinux policy rules are not used if DAC rules deny
> access first.
> If access is denied and no SELinux denials are logged,
Logically you would also mention the dontaudit case here, and how to check for denials hidden by dontaudit rules. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to firstname.lastname@example.org with the words "unsubscribe selinux" without quotes as the message.