SELinux user domain policy question

Dominick Grift domg472 at gmail.com
Mon Sep 13 16:37:22 UTC 2010


On Mon, Sep 13, 2010 at 06:29:29PM +0200, Roberto Sassu wrote:
> Hi all
> 
> I'm investigating what types the domain user_t is allowed to execute, in
> particular those that don't belong to the exec_type attribute.  I need more 
> details about the attribute 'noxattrfs' and the type 'etc_t', more precisely  
> in which circumstances they are executed by a regular user.
> Thanks in advance for replies.

Have you tried the seinfo and sesearch commands? Here are some examples:

sesearch -SC --allow -s user_t -t file_type -c file -p execute
sesearch -SC --allow -s userdomain -t etc_t -c file
sesearch -SC --allow -t exec_type

(man sesearch)

seinfo -x -aexec_type
seinfo -x -tetc_t

(man seinfo)
> 
> Roberto Sassu
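
The question above amounts to a set difference: targets that user_t may execute, minus the members of exec_type. The script below is an added example, not part of the original thread; it assumes the setools 3 text output format, and its function names and sample data are constructed for illustration.

```shell
# Added example, not from the original thread. Assumes setools 3 text output:
# rules as "allow SRC TGT : CLASS { perms } ;" and "seinfo -x -aATTR" printing
# the attribute name followed by one indented member type per line.
export LC_ALL=C   # identical collation for sort and comm

# stdin: sesearch output. Prints targets of file rules that grant "execute"
# itself (execute_no_trans alone does not count); leading markers are skipped.
rule_targets() {
    awk '{
        for (i = 1; i <= NF; i++) if ($i == "allow") break
        if (i > NF || $(i+3) != ":" || $(i+4) != "file") next
        for (j = i + 5; j <= NF; j++) if ($j == "execute") { print $(i+2); break }
    }' | sort -u
}

# stdin: seinfo output for attribute $1. Prints its member types.
attr_members() {
    awk -v a="$1" 'NF == 1 && $1 != a { print $1 }' | sort -u
}

# $1: sesearch output file, $2: seinfo output file, $3: attribute name.
# Prints executable targets that are not members of the attribute.
outside_attr() {
    t=$(mktemp) && m=$(mktemp) || return 1
    rule_targets < "$1" > "$t"
    attr_members "$3" < "$2" > "$m"
    comm -23 "$t" "$m"
    rm -f "$t" "$m"
}

# Constructed sample data (not captured from a real policy).
demo() {
    r=$(mktemp) && s=$(mktemp) || return 1
    cat > "$r" <<'EOF'
Found 4 semantic av rules:
   allow user_t bin_t : file { read getattr execute execute_no_trans open } ;
   allow user_t etc_t : file { read getattr execute open } ;
   allow user_t noxattrfs : file { read getattr execute } ;
   allow user_t user_home_t : file { read getattr execute_no_trans } ;
EOF
    cat > "$s" <<'EOF'
   exec_type
      bin_t
      shell_exec_t
EOF
    outside_attr "$r" "$s" exec_type
    rm -f "$r" "$s"
}
demo
```

On a live system, save the output of the first sesearch command and of seinfo -x -aexec_type from the reply to two files and pass them to outside_attr; a target printed as an attribute (such as noxattrfs) can then be expanded with seinfo -x -a.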