Selinux Fun

Ignacio Vazquez-Abrams ivazquez at ivazquez.net
Tue Mar 29 04:48:43 UTC 2005


On Mon, 2005-03-28 at 22:41 -0500, Alan J. Gagne wrote:
> allow unconfined_t default_t:file execmod;
> allow unconfined_t tmp_t:file execmod;
> allow unconfined_t user_home_t:file execmod;
> allow unconfined_t usr_t:file execmod;

> I can now start the oracle processes with selinux set to enforce.
> This may have broken some security that should be in place so
> if anybody has any further info please correct my habits before
> they become engrained for life.

Yikes. unconfined_t is used for unconfined apps for the targeted policy
(i.e., almost no limits). Best to change the file contexts of the Oracle
application and add properly refined rules.

-- 
Ignacio Vazquez-Abrams <ivazquez at ivazquez.net>
http://fedora.ivazquez.net/

gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
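An added example, not part of the original thread: a small audit that parses `allow` rules and lists those granting `execmod` on broadly shared file types, which is the pattern the reply objects to. The set of "generic" types is an assumption taken from the four quoted rules, and `oracle_lib_t` is a hypothetical dedicated type used only for contrast.

```python
import re

# Assumption: file types treated as "generic" (shared by many unrelated files).
# These four are the targets named in the rules quoted in the thread.
GENERIC_TYPES = {"default_t", "tmp_t", "user_home_t", "usr_t"}

# allow <source> <target>:<class> <perms>;  each field is a name or a { set }
RULE_RE = re.compile(
    r"^\s*allow\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s:]+)\s*:\s*"
    r"(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;"
)

def _names(token):
    """Expand 'a' or '{ a b }' into a list of names."""
    return token.strip("{} ").split()

def parse_allow(line):
    """Return (sources, targets, classes, perms), or None if not an allow rule."""
    m = RULE_RE.match(line.split("#", 1)[0])  # drop trailing comments
    return tuple(_names(g) for g in m.groups()) if m else None

def audit(policy_text, perm="execmod"):
    """List (source, target, class) triples granting perm on a generic type."""
    findings = []
    for line in policy_text.splitlines():
        rule = parse_allow(line)
        if rule is None or perm not in rule[3]:
            continue
        sources, targets, classes, _ = rule
        for s in sources:
            for t in targets:
                if t in GENERIC_TYPES:
                    findings.extend((s, t, c) for c in classes)
    return findings

# Constructed sample: the four quoted rules, one rule scoped to the
# hypothetical oracle_lib_t type, and one rule without execmod.
SAMPLE = """\
allow unconfined_t default_t:file execmod;
allow unconfined_t tmp_t:file execmod;
allow unconfined_t user_home_t:file execmod;
allow unconfined_t usr_t:file execmod;
allow unconfined_t oracle_lib_t:file { read execute execmod };
allow unconfined_t tmp_t:file { read write };
"""

if __name__ == "__main__":
    for src, tgt, cls in audit(SAMPLE):
        print(f"{src} -> {tgt}:{cls} execmod on a generic type")
```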