Tim: >> Really, how difficult would it have been for WORLD READABLE file >> permissions to be treated as such by SELinux? Rahul Sundaram wrote: > "world readable" is a DAC based permission model. SELinux is MAC based. > see Fedora SELinux FAQ on this. The whole point of SELinux is to > restrict operations based on the process above and top of the classic > Linux permissions Be that as it may, it's counterintuitive: Why should we have to set permissions in two different ways? If we set something as world readable, let the system actually apply that setting (it should also set appropriate SELinux restrictions for you). Owner permissions are one thing. But setting something as world readable ought to be treated just as you intended. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
