Re: constraint violation problem
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/20/2013 08:39 AM, Thorsten Scherf wrote:
On [Mon, 20.05.2013 13:17], Dominick Grift wrote:
> On Mon, 2013-05-20 at 09:41 +0200, Dominick Grift wrote:
>> On Mon, 2013-05-20 at 09:28 +0300, Thorsten Scherf wrote:
>>> On [Sun, 19.05.2013 17:15], Dominick Grift wrote:
>>>> On Sun, 2013-05-19 at 14:15 +0300, Thorsten Scherf wrote:
>>>>> Following setup:
>>>>>
>>>>> iucv instance is started via upstart to make iucv connections
>>>>> available in a z/VM environment:
>>>>>
>>>>> # cat /etc/init/iucv.conf start on runlevel [2345] stop on
>>>>> runlevel [01] respawn exec /usr/bin/iucvtty lnxterm
>>>>>
>>>>> iucvtty is running in init_t:
>>>>>
>>>>> # ps -efZ|grep iucv system_u:system_r:init_t:s0 root
>>>>> 1788 1 0 13:56 ? 00:00:00
>> /usr/bin/iucvtty lnxterm
>>>>>
>
> I can help you write policy for iucv. If you want help, then please come
> see me (grift) on #fedora-selinux at irc.freenode.org (internet relay
> chat)
Thanks Dominik, but I think I can manage it. Will let you know if I need
further help.
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes running login ranged
would be better then giving it overrides, because
theoretically, someone might want to run login program with less categories.
In the MLS world you might want to setup local login to only be able to reach
Secret level for example.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGaIC4ACgkQrlYvE4MpobMGcgCfRY5MwsY0Ke2BVlWB1J0NVUNi
UkcAn2VjX8ZtcCY+AeNC0Lp44Ga9otr7
=Z8Za
-----END PGP SIGNATURE-----