constraint violation problem
Daniel J Walsh
dwalsh at redhat.com
Mon May 20 13:07:58 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/20/2013 08:39 AM, Thorsten Scherf wrote:
> On [Mon, 20.05.2013 13:17], Dominick Grift wrote:
>> On Mon, 2013-05-20 at 09:41 +0200, Dominick Grift wrote:
>>> On Mon, 2013-05-20 at 09:28 +0300, Thorsten Scherf wrote:
>>>> On [Sun, 19.05.2013 17:15], Dominick Grift wrote:
>>>>> On Sun, 2013-05-19 at 14:15 +0300, Thorsten Scherf wrote:
>>>>>> Following setup:
>>>>>>
>>>>>> iucv instance is started via upstart to make iucv connections
>>>>>> available in a z/VM environment:
>>>>>>
>>>>>> # cat /etc/init/iucv.conf start on runlevel [2345] stop on
>>>>>> runlevel [01] respawn exec /usr/bin/iucvtty lnxterm
>>>>>>
>>>>>> iucvtty is running in init_t:
>>>>>>
>>>>>> # ps -efZ|grep iucv system_u:system_r:init_t:s0 root
>>>>>> 1788 1 0 13:56 ? 00:00:00
>>> /usr/bin/iucvtty lnxterm
>>>>>>
>>
>> I can help you write policy for iucv. If you want help, then please come
>> see me (grift) on #fedora-selinux at irc.freenode.org (internet relay
>> chat)
>
> Thanks Dominik, but I think I can manage it. Will let you know if I need
> further help.
>
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes running login ranged would be better then giving it overrides, because
theoretically, someone might want to run login program with less categories.
In the MLS world you might want to setup local login to only be able to reach
Secret level for example.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGaIC4ACgkQrlYvE4MpobMGcgCfRY5MwsY0Ke2BVlWB1J0NVUNi
UkcAn2VjX8ZtcCY+AeNC0Lp44Ga9otr7
=Z8Za
-----END PGP SIGNATURE-----
More information about the selinux
mailing list