selinux November 2008 archive

Re: user guide drafts: "Linux Permissions" and "Manual Pages for Services"

From: Stephen Smalley <sds_at_nospam>
Date: Wed Nov 12 2008 - 15:31:41 GMT
To: Murray McAllister <mmcallis@redhat.com>


On Wed, 2008-11-12 at 11:49 +1000, Murray McAllister wrote:
> Hi,
>
> The following are drafts for the "Fixing Problems"[1] section. Any
> comments and corrections are appreciated.
>
> Linux Permissions
>
> When access is denied, check standard Linux permissions. As mentioned in
> Chapter 2, Introduction, most operating systems use a Discretionary
> Access Control (DAC) system to control access, allowing users to control
> the permissions of files that they own. SELinux policy rules are checked
> after DAC rules. SELinux policy rules are not used if DAC rules deny
> access first.
>
> If access is denied and no SELinux denials are logged,

Logically you would also mention the dontaudit case here, and how to check for denials hidden by dontaudit rules.

--
Stephen Smalley
National Security Agency
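The troubleshooting order described in the draft and the reply (DAC first, then logged SELinux denials, then denials hidden by dontaudit rules), as an added example that is not part of the thread or the user guide. The function names and the `base` parameter are hypothetical, the DAC check is simplified (no ACLs, no root override), and the advice strings assume a system whose `semodule` supports `-DB`.

```python
import os
import stat

def dac_allows(mode, owner, group, uid, gids, want):
    """Owner/group/other check; want is a mask of 4 (r), 2 (w), 1 (x).
    Simplified assumption: ignores ACLs and root's ability to override DAC."""
    if uid == owner:
        bits = (mode >> 6) & 7      # owner class wins even if it has fewer bits
    elif group in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def first_dac_block(path, uid, gids, want, base=os.sep):
    """Return the first component from base down to path that DAC refuses,
    or None. Directories on the way need search (x); path itself needs want."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    chain = [path]
    while chain[0] != base and os.path.dirname(chain[0]) != chain[0]:
        chain.insert(0, os.path.dirname(chain[0]))
    for p in chain:
        st = os.stat(p)
        need = want if p == path else 1
        if not dac_allows(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                          uid, gids, need):
            return p
    return None

NEXT_STEP = {
    "dac": "fix ownership or mode bits; SELinux policy was never consulted",
    "avc": "read the logged AVC denial (e.g. ausearch -m avc -ts recent)",
    "dontaudit": "possible hidden denial: rebuild policy with dontaudit rules "
                 "disabled (semodule -DB), retry, read the AVC denials, "
                 "then restore with semodule -B",
}

def triage(dac_block, avc_logged):
    """DAC is checked first, then logged denials, then dontaudit-hidden ones."""
    if dac_block is not None:
        return "dac"
    return "avc" if avc_logged else "dontaudit"

if __name__ == "__main__":
    target = "/etc/shadow"  # constructed sample target
    gids = set(os.getgroups()) | {os.getegid()}
    block = first_dac_block(target, os.getuid(), gids, 4)
    step = triage(block, avc_logged=False)  # avc_logged is supplied by the operator
    print(block, "->", NEXT_STEP[step])
```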