Why can not user_t link var_lib_t files?
Dominick Grift
domg472 at gmail.com
Sun May 17 17:25:08 UTC 2009
On Sun, 2009-05-17 at 18:44 +0200, Göran Uddeborg wrote:
> Is there some reason user_t is denied to link a file with type
> var_lib_t (among others)? Or did it just happen that way? I don't
> see any security advantage.
> Thus my question, is this by design or by mistake?)
I think the policy author could probably give the right answer, but I
think this is by design. Most stuff in /var is system stuff and not for
users. So if a user has nothing to do there, then there is no need to
give them access either.
Stuff like /var/spool/mail/<user> is however accessible.
Like you suggested, it is easy to create an extension or a new
role/custom user domain for this functionality.
If you want your users to be unrestricted, then map the user to
unconfined_u.