On Tuesday 19 April 2005 12:25, Valdis.Kletnieks(a)vt.edu wrote:
>> In those cases a dontaudit rule will usually do the job. If the file
>> system is not mounted then there's nothing that the application can
>> usefully do under the mount point and usually ENOENT and EACCES usually
>> get the same code paths in most applications that try to open files.
>
> In my case, actually labelling the directories correctly was the better
> fix.

For you maybe. In a general sense it isn't. We have no automatic system for
using umount or mount --bind to allow labelling of such mount points and we
can't expect most users to be able to do it.

> Personally, I'm not thrilled by the idea of sticking in dontaudit rules to
> quiet complaints at boot time that are caused by directories that are
> mislabelled.

Why not?

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page