new policy modules submission
Dominick Grift
domg472 at gmail.com
Fri Apr 29 13:21:06 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/29/2011 03:07 PM, Mr Dash Four wrote:
>
>>> ## <desc>
>>> ## <p>
>>> ## Allow bittorrent servers to modify
>>> ## public files used for public file
>>> ## transfer services. Directories/Files
>>> ## must be labeled public_content_rw_t.
>>> ## </p>
>>> ## </desc>
>>> gen_tunable(allow_httpd_anon_write, false)
>>>
>>
>> whoops copy and paste error ;) make that allow_bittorrentd_anon_write.
>>
>>
>>> tunable_policy(`allow_bittorrent_anon_write',`
>>> miscfiles_manage_public_files(bittorrentd_t)
>>> ')
>>>
>>
>> make that allow_bittorrentd_anon_write.
>>
> What files are these? As far as I know the only files transmissionbt
> writes are (using the default configuration) under /var/lib/transmission
> - that also includes temporary files created for it to operate. Could
> you give me an example please?
>
Yes but this policy allows you to share bittorrent content with other
services if so required.
you would label /var/lib/transmission type public_content_rw_t and set
allow_bittorrent_anon_write to allow bittorrentd_t to manage dirs and
files there that can be shared with other services. For example samba,
nfs etc etc.
It is tunable. So by default this functionality is disabled.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk26u0IACgkQMlxVo39jgT/UXACfdwGASrOOo0ZfkfCVDPYYhy0t
XTQAoL6oTUA57UYC0+FPRQycYMDGS19H
=Rp45
-----END PGP SIGNATURE-----
More information about the selinux
mailing list