SELinux user domain policy question

Daniel J Walsh dwalsh at redhat.com
Mon Sep 13 18:27:01 UTC 2010


On 09/13/2010 12:29 PM, Roberto Sassu wrote:
> Hi all
> 
> I'm investigating what types the domain user_t is allowed to execute, in 
> particular those that don't belong to the exec_type attribute.  I need more 
> details about the attribute 'noxattrfs' and the type 'etc_t', more precisely  
> in which circumstances they are executed by a regular user.
> Thanks in advance for replies.
> 
> Roberto Sassu
> 
In addition to Domick's comments.

Remember that user_t is still governed by DAC, meaning that an
executable labeled etc_t would only be executable by the user if he
could execute it, even if SELinux was disabled.